TempleGold

Summary

Since configs for epoch auctions are hold in a single object, changing the auctionsTimeDiff for the new epoch will affect the auctionsTimeDiff of the previous epoch as well.

Vulnerability Details

Imagine the following scenario:
1. The owner want to start an auction in epoch X with auctionsTimeDiff = 3 days. This means epoch X + 1 auction can start at least 3 days after epoch X ends.
2. Epoch X ends and the owner sets the config with auctionsTimeDiff = 1 day because they want to have 1 day gap between epoch X + 1 and epoch X + 2.

Because the config is one object for both the past and current epoch, the new auctionsTimeDiff will affect epoch X as well. Epoch X + 1 can be started when 1 days passes since the end of epoch X, and not 3 days as initially planned.

Impact

Unexpected changes to the auctionsTimeDiff of the previous epoch.

Tools Used

Manual Review

Recommendations

Instead of having one auctionsTimeDiff, consider adding it per epoch.