code-423n4 / 2023-06-stader-findings


Complete Loss of Tokens and Value after the auction ends #411

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L138

Vulnerability details

Impact

The highestBidder can get undesired tokens due to unchecked change in the StaderConfig by the DEFAULT_ADMIN_ROLE. This can also lead to the funds stuck in the contract.

Proof of Concept

The updateStaderConfig(address) function can be used to change the config at any time; instead, it should be changeable only when the auction is not running. Since StaderConfig.sol contains the function to change the SD token, which is then claimed after the auction ends, the tokens returned will be different, and funds can also be stuck in some cases when the new SD token contract does not have enough tokens. This can cause a total loss of funds in any amount. Any function that changes state can lead to unexpected outcomes after the auction ends.

Recommended Mitigation Steps

There should be a condition included in the updateStaderConfig(address) function which says that the auction should not be running while changing the StaderConfig.

        if (block.number <= lotItem.endBlock) revert AuctionNotEnded();

Assessed type

Other
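The guard proposed in this finding, shown in a minimal illustrative contract. This is an added example, not Stader's Auction.sol or StaderConfig.sol: only updateStaderConfig, StaderConfig, AuctionNotEnded and endBlock come from the finding above; the lot bookkeeping (lots, nextLot, LotItem), the admin check, getStaderToken on the config interface and the claim function are assumptions made so the example compiles and shows why the config matters to the winner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: the config exposes the SD token address that winners are paid in.
interface IStaderConfig {
    function getStaderToken() external view returns (address);
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Illustrative auction, not the audited contract.
contract GuardedConfigAuction {
    error AuctionNotEnded();
    error NotAdmin();
    error AlreadyClaimed();

    struct LotItem {
        uint256 endBlock;
        address highestBidder;
        uint256 highestBidAmount;
        uint256 sdAmount;
        bool sdClaimed;
    }

    address public admin;
    IStaderConfig public staderConfig;
    uint256 public nextLot = 1;
    mapping(uint256 => LotItem) public lots;

    constructor(address _staderConfig) {
        admin = msg.sender;
        staderConfig = IStaderConfig(_staderConfig);
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // Assumption: one lot at a time; lots[nextLot - 1] is the current lot.
    function _currentLot() internal view returns (LotItem storage) {
        return lots[nextLot - 1];
    }

    // Mitigation from the finding: refuse a config change while the lot is live,
    // so the SD token the winner receives cannot change between bid and claim.
    function updateStaderConfig(address _staderConfig) external onlyAdmin {
        LotItem storage lotItem = _currentLot();
        if (block.number <= lotItem.endBlock) revert AuctionNotEnded();
        staderConfig = IStaderConfig(_staderConfig);
    }

    // The claim reads the SD token address from the config at claim time, which is
    // why an unguarded config swap changes (or strands) what the winner is paid.
    function claimSD(uint256 lotId) external {
        LotItem storage lotItem = lots[lotId];
        if (block.number <= lotItem.endBlock) revert AuctionNotEnded();
        if (lotItem.sdClaimed) revert AlreadyClaimed();
        lotItem.sdClaimed = true;
        IERC20(staderConfig.getStaderToken()).transfer(lotItem.highestBidder, lotItem.sdAmount);
    }
}
```

The same block-number comparison the finding quotes is used in both places: the claim path already depends on it, and the mitigation simply applies it to the admin setter as well, so the token address observed when bidding is the one observed when claiming.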

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)