Setting config can be frontran by `startAuction`
Summary
A call to startAuction can be initiated before setting the auction config. This will result in the auction starting at unexpected times with unexpected parameters.
Vulnerability Details
DaiGoldAuction.startAuction() can be called by anyone if auctionStarter == 0.
In the following sequence:
Auction A ends
Admin sets config for auction B
Auction B starts
It's possible that startAuction is initiated before step 2. Then the auction will start with the previous config for AUCTION_DURATION.
It's especially dangerous for the very first distribution because startAuction will be callable at any point in time since EpochLib.hasEnded() returns true because endTime == 0.
Impact
Anyone can start the first auction with empty configs. Users will probably not interact with the protocol for the duration of the auction because the accrued gold will not be sufficient for them to bid.
Auctions can also be started with the config of the previous one by frontrunning the setting of the config.
Tools Used
Manual Review
Recommendations
Instead of having one config for the next auction, consider adding config to each auction. Then check if the config was set in startAuction
Lead Judging Commences
`startAuction` the second the DaiGoldAuction is deployed can be used to DOS the contract
Appeal created
`startAuction` the second the DaiGoldAuction is deployed can be used to DOS the contract
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.