The highestBidder can receive undesired tokens because the DEFAULT_ADMIN_ROLE can change the StaderConfig at any time, with no check on the auction state. This can also leave funds stuck in the contract.
Proof of Concept
The updateStaderConfig(address) function can be used to change the config at any time; instead, it should only be changeable while no auction is running.
Since StaderConfig.sol contains the function that changes the SD token address, and the SD tokens are claimed only after the auction ends, the tokens returned will differ from those that were bid on, and funds can also become stuck when the new SD token contract does not hold enough tokens.
This can result in a total loss of funds, for any amount.
More generally, any state-changing function of this kind can lead to unexpected outcomes after the auction ends.
Recommended Mitigation Steps
A condition should be added to the updateStaderConfig(address) function requiring that no auction is running while the StaderConfig is changed, for example:
if (block.number <= lotItem.endBlock) revert AuctionNotEnded();
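To make the mitigation concrete, the following is an added sketch (not Stader's Auction.sol) of a minimal auction contract whose config setter reverts while any lot is still open or still has unclaimed SD. The `LotItem`, `lots`, `nextLot` storage layout and the `AuctionNotEnded` error are assumed to resemble the audited contract; the unclaimed-SD condition extends the single-lot check above to every lot that still depends on the current config.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration, not the project's code. Storage names are assumed
// to resemble the audited contract: one LotItem per lot id, counted by nextLot.
contract GuardedAuction {
    struct LotItem {
        uint256 startBlock;
        uint256 endBlock;
        address highestBidder;
        bool sdClaimed;
    }

    error AuctionNotEnded();
    error NotAdmin();

    address public admin;
    address public staderConfig;
    uint256 public nextLot = 1;
    mapping(uint256 => LotItem) public lots;

    event UpdatedStaderConfig(address staderConfig);

    constructor(address _staderConfig) {
        admin = msg.sender;
        staderConfig = _staderConfig;
    }

    // A lot whose endBlock has not passed, or whose winning bid has not yet
    // claimed its SD, still depends on the config that was live when it opened.
    function hasOpenLot() public view returns (bool) {
        for (uint256 lotId = 1; lotId < nextLot; lotId++) {
            LotItem storage lotItem = lots[lotId];
            if (block.number <= lotItem.endBlock) return true;
            if (lotItem.highestBidder != address(0) && !lotItem.sdClaimed) return true;
        }
        return false;
    }

    // Hardened setter: admin-only as before, plus the check from the
    // recommendation so the config cannot change mid-auction.
    function updateStaderConfig(address _staderConfig) external {
        if (msg.sender != admin) revert NotAdmin();
        if (_staderConfig == address(0)) revert("zero address");
        if (hasOpenLot()) revert AuctionNotEnded();
        staderConfig = _staderConfig;
        emit UpdatedStaderConfig(_staderConfig);
    }
}
```

The loop over all lots is unbounded in gas; a production version would track a counter of open lots instead and check that it is zero.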
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L138
Assessed type
Other