From 99dbe2829c52161ce7e62205141cc95f4794f12a Mon Sep 17 00:00:00 2001
From: princetonbishop
Date: Tue, 17 Sep 2024 21:17:42 +0200
Subject: [PATCH] audit h02
---
 .../interfaces/templegold/ITempleGold.sol | 1 -
 .../contracts/templegold/SpiceAuction.sol | 10 +-
 protocol/contracts/templegold/TempleGold.sol | 8 +-
 protocol/slither.db.json | 6131 +++++++++++++++++
 .../test/forge/templegold/SpiceAuction.t.sol | 95 +-
 5 files changed, 6236 insertions(+), 9 deletions(-)
diff --git a/protocol/contracts/interfaces/templegold/ITempleGold.sol b/protocol/contracts/interfaces/templegold/ITempleGold.sol
index c42c68efc..079572dd8 100644
--- a/protocol/contracts/interfaces/templegold/ITempleGold.sol
+++ b/protocol/contracts/interfaces/templegold/ITempleGold.sol
@@ -141,7 +141,6 @@ interface ITempleGold is IOFT, IOAppCore, IOAppOptionsType3, IERC20 {
 /**
 * @notice Burn and update circulating supply on source chain
- * @dev Caller must be authorized. eg. spice auction
 * @param amount Amount to burn
 */
 function burn(uint256 amount) external;
diff --git a/protocol/contracts/templegold/SpiceAuction.sol b/protocol/contracts/templegold/SpiceAuction.sol
index e80d1a4e1..c321ecf80 100644
--- a/protocol/contracts/templegold/SpiceAuction.sol
+++ b/protocol/contracts/templegold/SpiceAuction.sol
@@ -379,12 +379,16 @@ contract SpiceAuction is ISpiceAuction, AuctionBase, ReentrancyGuard {
 EpochInfo storage epochInfo = epochs[epochId];
 if (epochInfo.startTime == 0) { revert InvalidEpoch(); }
 if (!epochInfo.hasEnded()) { revert AuctionActive(); }
+
+ SpiceAuctionConfig storage _config = auctionConfigs[epochId];
+ (address bidToken,) = _getBidAndAuctionTokens(_config);
+ if (bidToken != templeGold) { revert CommonEventsAndErrors.InvalidParam(); }
 uint256 amount = epochInfo.totalBidTokenAmount;
 if (amount == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }
 emit RedeemedTempleGoldBurned(epochId, amount);
 redeemedEpochs[epochId] = true;
- _burnAndNotify(amount, useContractEth);
+ _burnAndNotify(amount, _config.recipient, useContractEth);
 }
 /**
@@ -435,7 +439,9 @@ contract SpiceAuction is ISpiceAuction, AuctionBase, ReentrancyGuard {
 : (templeGold, spiceToken);
 }
- function _burnAndNotify(uint256 amount, bool useContractEth) private {
+ function _burnAndNotify(uint256 amount, address from, bool useContractEth) private {
+ // pull funds from bids recipient (set in config)
+ IERC20(templeGold).safeTransferFrom(from, address(this), amount);
 // burn directly and call TempleGold to update circulating supply
 if (block.chainid == _mintChainId) {
 ITempleGold(templeGold).burn(amount);
diff --git a/protocol/contracts/templegold/TempleGold.sol b/protocol/contracts/templegold/TempleGold.sol
index 0db32f7b0..ed6fb68bf 100644
--- a/protocol/contracts/templegold/TempleGold.sol
+++ b/protocol/contracts/templegold/TempleGold.sol
@@ -329,11 +329,9 @@ import { TempleMath } from "contracts/common/TempleMath.sol";
 /**
 * @notice Burn and update circulating supply on source chain
- * @dev Caller must be authorized. eg. spice auction
 * @param amount Amount to burn
 */
 function burn(uint256 amount) external override onlyArbitrum {
- if (!authorized[msg.sender]) { revert CommonEventsAndErrors.InvalidAccess(); }
 _burn(msg.sender, amount);
 _updateCirculatingSupply(msg.sender, amount);
 }
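Review bot: The burn for an ended epoch now succeeds only while `_config.recipient` still holds `amount` of the token and has approved this contract for it, because the new argument becomes the `from` of the `safeTransferFrom` added to `_burnAndNotify` in the next hunk. Neither hunk documents or checks that precondition, so a missing allowance shows up only as a revert from the token and the epoch stays un-redeemed until the allowance is granted. I would state it in the function's NatSpec, e.g. `@dev Requires auctionConfigs[epochId].recipient to have approved this contract for epochInfo.totalBidTokenAmount`, and add a test for the no-allowance path. The function's signature and any already-redeemed guard lie above the hunk.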
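Review bot: `_burnAndNotify` now moves tokens out of an address it receives as a parameter, and nothing at the function says why that is safe; the slither.db.json added by this same commit records this line under `arbitrary-send-erc20`. The function is private and the one call visible in this patch passes the epoch's configured recipient, so the assumption looks sound, but it belongs next to the transfer. I would expand the new comment to `// from is always auctionConfigs[epochId].recipient, never caller input; it must have approved this contract`. The body of the function continues past the hunk.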
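Review bot: With the `authorized[msg.sender]` check removed, `burn` is open to any holder that passes `onlyArbitrum`, yet it still calls `_updateCirculatingSupply`, which (per the last TempleGold.sol hunk) adds the amount to `_totalBurnedFromSpiceAuctions` and emits `CirculatingSupplyUpdated` with the caller as sender. That counter and event therefore no longer describe spice-auction burns only. If open burning is intended, the NatSpec should say so, e.g. `@dev Callable by any holder; the amount is added to the spice-auction burn total`; otherwise the accounting needs a separate path. Whether `authorized` is still used elsewhere cannot be seen from this hunk.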
@@ -364,7 +362,7 @@ import { TempleMath } from "contracts/common/TempleMath.sol";
 // already checked destination Eid for burn case in `send`
 // update circulating supply
 // _origin.sender is spice auction
- _updateCirculatingSupply(_origin.sender.bytes32ToAddress(), _message.amountSD());
+ _updateCirculatingSupply(_origin.sender.bytes32ToAddress(), _toLD(_message.amountSD()));
 } else {
 /// @dev The src sending chain doesnt know the address length on this chain (potentially non-evm)
 // Thus everything is bytes32() encoded in flight.
@@ -378,8 +376,8 @@ import { TempleMath } from "contracts/common/TempleMath.sol";
 function _updateCirculatingSupply(address sender, uint256 amount) private {
 uint256 _totalBurnedCache = _totalBurnedFromSpiceAuctions = _totalBurnedFromSpiceAuctions + amount;
- uint256 _circulatingSuppplyCache = _circulatingSupply = _circulatingSupply - amount;
- emit CirculatingSupplyUpdated(sender, amount, _circulatingSuppplyCache, _totalBurnedCache);
+ uint256 _circulatingSupplyCache = _circulatingSupply = _circulatingSupply - amount;
+ emit CirculatingSupplyUpdated(sender, amount, _circulatingSupplyCache, _totalBurnedCache);
 }
 modifier onlyArbitrum() {
diff --git a/protocol/slither.db.json b/protocol/slither.db.json
index 4d6608e85..5315c4692 100644
--- a/protocol/slither.db.json
+++ b/protocol/slither.db.json
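Review bot: The changed call needs a comment saying why `_toLD` is applied, since the three comments above it say nothing about units; I would add `// amountSD is in shared decimals; scale to local decimals before updating supply`. Before this change the remote path presumably adjusted `_circulatingSupply` by a differently scaled number than the local `burn` path, so a regression test that burns from a non-mint chain and asserts the resulting circulating supply is worth having. The diffstat lists only SpiceAuction.t.sol under test, and its contents are not visible here. The enclosing function starts and ends outside the hunk.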
@@ -1,4 +1,6135 @@ [ + { + "elements": [ + { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 
154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, 
+ 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + }, + { + "type": "node", + "name": "IERC20(templeGold).safeTransferFrom(from,address(this),amount)", + "source_mapping": { + "start": 21078, + "length": 64, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 444 + ], + "starting_column": 9, + "ending_column": 73 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + 
"filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, 
+ 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + } + } + } + ], + "description": "SpiceAuction._burnAndNotify(uint256,address,bool) (contracts/templegold/SpiceAuction.sol#442-480) uses arbitrary from in transferFrom: IERC20(templeGold).safeTransferFrom(from,address(this),amount) (contracts/templegold/SpiceAuction.sol#444)\n", + "markdown": "[SpiceAuction._burnAndNotify(uint256,address,bool)](contracts/templegold/SpiceAuction.sol#L442-L480) uses arbitrary from in transferFrom: 
[IERC20(templeGold).safeTransferFrom(from,address(this),amount)](contracts/templegold/SpiceAuction.sol#L444)\n", + "first_markdown_element": "contracts/templegold/SpiceAuction.sol#L442-L480", + "id": "a2742b236abbf47bc2cde5c80593e1e031b15cfed413c70377c488b73aeb34be", + "check": "arbitrary-send-erc20", + "impact": "High", + "confidence": "High" + }, + { + "elements": [ + { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 
107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, 
+ 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + }, + { + "type": "node", + "name": "ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this)))", + "source_mapping": { + "start": 22245, + "length": 92, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 468 + ], + "starting_column": 13, + "ending_column": 105 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 
469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, 
+ 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + } + } + }, + { + "type": "node", + "name": "ITempleGold(templeGold).send{value: 
fee.nativeFee}(sendParam,fee,address(msg.sender))", + "source_mapping": { + "start": 22368, + "length": 89, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 470 + ], + "starting_column": 13, + "ending_column": 102 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 
88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 
375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + } + } + } + ], + "description": "SpiceAuction._burnAndNotify(uint256,address,bool) (contracts/templegold/SpiceAuction.sol#442-480) sends eth to arbitrary user\n\tDangerous calls:\n\t- ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this))) (contracts/templegold/SpiceAuction.sol#468)\n\t- ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(msg.sender)) (contracts/templegold/SpiceAuction.sol#470)\n", + "markdown": "[SpiceAuction._burnAndNotify(uint256,address,bool)](contracts/templegold/SpiceAuction.sol#L442-L480) sends eth to arbitrary user\n\tDangerous calls:\n\t- [ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this)))](contracts/templegold/SpiceAuction.sol#L468)\n\t- [ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(msg.sender))](contracts/templegold/SpiceAuction.sol#L470)\n", + "first_markdown_element": "contracts/templegold/SpiceAuction.sol#L442-L480", + "id": 
"cab9e45f26c08aedd17ccd8eb6c6d9c1ad148e039327909816dc812e329d1085", + "check": "arbitrary-send-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, 
+ 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 
421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + }, + { + "type": "node", + "name": "ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this)))", + "source_mapping": { + "start": 22245, + "length": 92, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 468 + ], + "starting_column": 13, + "ending_column": 105 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", 
+ "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 
272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + } + } + } + ], + "description": "SpiceAuction._burnAndNotify(uint256,address,bool) (contracts/templegold/SpiceAuction.sol#442-480) ignores return value by ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this))) (contracts/templegold/SpiceAuction.sol#468)\n", + "markdown": 
"[SpiceAuction._burnAndNotify(uint256,address,bool)](contracts/templegold/SpiceAuction.sol#L442-L480) ignores return value by [ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(address(this)))](contracts/templegold/SpiceAuction.sol#L468)\n", + "first_markdown_element": "contracts/templegold/SpiceAuction.sol#L442-L480", + "id": "6d911a2f3e28d79bafa28ba2c6bb0c13a0fc7b815603cb707480fffa9e2384af", + "check": "unused-return", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 
83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 
371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + }, + { + "type": "node", + "name": "ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(msg.sender))", + "source_mapping": { + "start": 22368, + "length": 89, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 470 + ], + "starting_column": 13, + "ending_column": 102 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 
448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, 
+ 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": 
"_burnAndNotify(uint256,address,bool)" + } + } + } + } + ], + "description": "SpiceAuction._burnAndNotify(uint256,address,bool) (contracts/templegold/SpiceAuction.sol#442-480) ignores return value by ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(msg.sender)) (contracts/templegold/SpiceAuction.sol#470)\n", + "markdown": "[SpiceAuction._burnAndNotify(uint256,address,bool)](contracts/templegold/SpiceAuction.sol#L442-L480) ignores return value by [ITempleGold(templeGold).send{value: fee.nativeFee}(sendParam,fee,address(msg.sender))](contracts/templegold/SpiceAuction.sol#L470)\n", + "first_markdown_element": "contracts/templegold/SpiceAuction.sol#L442-L480", + "id": "c59a68bdcce3aab355921648cbf2d62aa92c5e1cdab068df32f6c3a8be75bf6c", + "check": "unused-return", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": 
false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, 
+ 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + }, + { + "type": "node", + "name": "(success) = address(msg.sender).call{value: leftover}()", + "source_mapping": { + "start": 22630, + "length": 65, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 476 + ], + "starting_column": 17, + "ending_column": 82 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_burnAndNotify", + "source_mapping": { + "start": 20927, + "length": 1866, + 
"filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, + 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "SpiceAuction", + "source_mapping": { + "start": 1761, + "length": 21494, + "filename_relative": "contracts/templegold/SpiceAuction.sol", + "filename_absolute": "/Users/pb/code/delete_later/hawks_fix/temple/protocol/contracts/templegold/SpiceAuction.sol", + "filename_short": "contracts/templegold/SpiceAuction.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 
176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200, + 201, + 202, + 203, + 204, + 205, + 206, + 207, + 208, + 209, + 210, + 211, + 212, + 213, + 214, + 215, + 216, + 217, + 218, + 219, + 220, + 221, + 222, + 223, + 224, + 225, + 226, + 227, + 228, + 229, + 230, + 231, + 232, + 233, + 234, + 235, + 236, + 237, + 238, + 239, + 240, + 241, + 242, + 243, + 244, + 245, + 246, + 247, + 248, + 249, + 250, + 251, + 252, + 253, + 254, + 255, + 256, + 257, + 258, + 259, + 260, + 261, + 262, + 263, + 264, + 265, + 266, + 267, + 268, + 269, + 270, + 271, + 272, + 273, + 274, + 275, + 276, + 277, + 278, + 279, + 280, + 281, + 282, + 283, + 284, + 285, + 286, + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348, + 349, + 350, + 351, + 352, + 353, + 354, + 355, + 356, + 357, + 358, + 359, + 360, + 361, + 362, + 363, + 364, + 365, + 366, + 367, + 368, + 369, + 370, + 371, + 372, + 373, + 374, + 375, + 376, + 377, + 378, + 379, + 380, + 381, + 382, + 383, + 384, + 385, + 386, + 387, + 388, + 389, + 390, + 391, + 392, + 393, + 394, + 395, + 396, + 397, + 398, + 399, + 400, + 401, + 402, + 403, + 404, + 405, + 406, + 407, + 408, + 409, + 410, + 411, + 412, + 413, + 414, + 415, + 416, + 417, + 418, + 419, + 420, + 421, + 422, + 423, + 424, + 425, + 426, + 427, + 428, + 429, + 430, + 431, + 432, + 433, + 434, + 435, + 436, + 437, + 438, + 439, + 440, + 441, + 442, + 443, + 444, + 445, + 446, + 447, + 448, + 449, + 450, + 451, + 452, + 453, + 454, + 455, + 456, + 457, + 458, + 459, + 460, + 461, 
+ 462, + 463, + 464, + 465, + 466, + 467, + 468, + 469, + 470, + 471, + 472, + 473, + 474, + 475, + 476, + 477, + 478, + 479, + 480, + 481, + 482, + 483, + 484, + 485, + 486, + 487, + 488, + 489, + 490, + 491, + 492, + 493, + 494, + 495, + 496 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_burnAndNotify(uint256,address,bool)" + } + } + } + } + ], + "description": "Low level call in SpiceAuction._burnAndNotify(uint256,address,bool) (contracts/templegold/SpiceAuction.sol#442-480):\n\t- (success) = address(msg.sender).call{value: leftover}() (contracts/templegold/SpiceAuction.sol#476)\n", + "markdown": "Low level call in [SpiceAuction._burnAndNotify(uint256,address,bool)](contracts/templegold/SpiceAuction.sol#L442-L480):\n\t- [(success) = address(msg.sender).call{value: leftover}()](contracts/templegold/SpiceAuction.sol#L476)\n", + "first_markdown_element": "contracts/templegold/SpiceAuction.sol#L442-L480", + "id": "e0903ff3ae3c9b8b6cdcde490cfc1cca263dd5bbe9589db0c942cffea2ad5d54", + "check": "low-level-calls", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { diff --git a/protocol/test/forge/templegold/SpiceAuction.t.sol b/protocol/test/forge/templegold/SpiceAuction.t.sol index 3a5982171..f1a00029d 100644 --- a/protocol/test/forge/templegold/SpiceAuction.t.sol +++ b/protocol/test/forge/templegold/SpiceAuction.t.sol @@ -590,7 +590,7 @@ contract SpiceAuctionTest is SpiceAuctionTestBase { spice.bid(10 ether); // start auction - ISpiceAuction.SpiceAuctionConfig memory _config = _startAuction(true, true); + ISpiceAuction.SpiceAuctionConfig memory _config = _startAuction(true, true); uint256 epoch = spice.currentEpoch(); IAuctionBase.EpochInfo memory epochInfo = spice.getEpochInfo(epoch); vm.warp(epochInfo.startTime); 
@@ -850,4 +850,97 @@ contract SpiceAuctionTest is SpiceAuctionTestBase {
 emit OperatorSet(alice);
 spice.setOperator(alice);
 }
+
+ function test_burn_and_notify_arbitrum() public {
+ {
+ _setVestingFactor();
+ // authorize for transfers
+ vm.startPrank(executor);
+ templeGold.authorizeContract(mike, true);
+ templeGold.authorizeContract(treasury, true);
+ skip(4 weeks);
+ templeGold.mint();
+ // team gnosis
+ vm.startPrank(mike);
+ // approve spice auction contract to transfer
+ IERC20(templeGold).approve(address(spice), type(uint).max);
+ // distribute TGLD to alice
+ IERC20(templeGold).transfer(alice, 100 ether);
+ }
+
+ uint256 amount = 10 ether;
+ uint256 etherAmount = 5 ether;
+ vm.deal(address(spice), etherAmount);
+
+ // start spcie auction with TGLD as bid token
+ ISpiceAuction.SpiceAuctionConfig memory _config = _getAuctionConfig();
+ _config.isTempleGoldAuctionToken = false;
+ _config.recipient = mike;
+ vm.startPrank(daoExecutor);
+ spice.setAuctionConfig(_config);
+
+ {
+ deal(daiToken, address(spice), 500 ether);
+ vm.startPrank(alice);
+ spice.startAuction();
+ // skip cooldown
+ skip(_config.startCooldown);
+ }
+ uint256 bidAmount = 100 ether;
+ uint256 currentEpoch = spice.currentEpoch();
+
+ {
+ // bids
+ vm.startPrank(alice);
+ IERC20(templeGold).approve(address(spice), type(uint).max);
+ vm.expectEmit(address(spice));
+ emit Deposit(alice, currentEpoch, bidAmount);
+ spice.bid(bidAmount);
+ }
+
+ vm.expectRevert(abi.encodeWithSelector(IAuctionBase.InvalidEpoch.selector));
+ spice.burnAndNotify(3, false);
+
+ vm.startPrank(alice);
+ vm.expectRevert(abi.encodeWithSelector(IAuctionBase.AuctionActive.selector));
+ spice.burnAndNotify(currentEpoch, false);
+
+ IAuctionBase.EpochInfo memory _info = spice.getEpochInfo(currentEpoch);
+ vm.warp(_info.endTime);
+
+ uint256 circulatingSupply = templeGold.circulatingSupply();
+ vm.expectEmit(address(spice));
+ emit RedeemedTempleGoldBurned(currentEpoch, bidAmount);
+ spice.burnAndNotify(currentEpoch, false);
+ emit log_string("balance");
+ emit log_uint(IERC20(daiToken).balanceOf(address(spice)));
+ assertEq(spice.redeemedEpochs(currentEpoch), true);
+ assertEq(templeGold.circulatingSupply(), circulatingSupply-bidAmount);
+
+ _startAuction(true, true);
+ _config = spice.getAuctionConfig(currentEpoch+1);
+ currentEpoch = spice.currentEpoch();
+ _info = spice.getEpochInfo(currentEpoch);
+ vm.warp(_info.endTime);
+
+ // tgld is auction token
+ vm.expectRevert(abi.encodeWithSelector(CommonEventsAndErrors.InvalidParam.selector));
+ spice.burnAndNotify(currentEpoch, false);
+
+ _config = _getAuctionConfig();
+ _config.isTempleGoldAuctionToken = false;
+ vm.startPrank(daoExecutor);
+ spice.setAuctionConfig(_config);
+ vm.startPrank(_config.starter);
+ skip(_config.waitPeriod);
+ dealAdditional(IERC20(daiToken), address(spice), 500 ether);
+ templeGold.mint();
+ spice.startAuction();
+ // no bids
+ currentEpoch = spice.currentEpoch();
+ _info = spice.getEpochInfo(currentEpoch);
+ vm.warp(_info.endTime);
+ vm.expectRevert(abi.encodeWithSelector(CommonEventsAndErrors.ExpectedNonZero.selector));
+ spice.burnAndNotify(currentEpoch, false);
+ }
 }
\ No newline at end of file
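Review bot: The successful `spice.burnAndNotify(currentEpoch, false)` call in `test_burn_and_notify_arbitrum` is checked only through `redeemedEpochs` and `circulatingSupply`, so the behaviour this patch introduces, `_burnAndNotify` pulling the burned amount from `_config.recipient` with `safeTransferFrom`, is never asserted. Capture `uint256 recipientBefore = IERC20(templeGold).balanceOf(mike);` before the call and add `assertEq(IERC20(templeGold).balanceOf(mike), recipientBefore - bidAmount);` after it. Because the call succeeds under alice's prank while mike has approved `type(uint).max`, the test should also show that a second `burnAndNotify` for the same epoch reverts and that the call reverts when the recipient has granted no allowance; whether the contract already guards the repeat is not visible in this hunk. The `emit log_string("balance")` / `emit log_uint(...)` pair and the unused `amount` local look like leftover debugging and can be dropped.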