Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no bidder has incentive to bid the Auction except doing last-minute MEV due to fixed endBlock #70

Open
code423n4 opened this issue Jun 6, 2023 · 9 comments
Open

no bidder has incentive to bid the Auction except doing last-minute MEV due to fixed endBlock #70

code423n4 opened this issue Jun 6, 2023 · 9 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) edited-by-warden M-13 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons

Comments

@code423n4
Copy link
Contributor

code423n4 commented Jun 6, 2023
edited
Loading

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L48-L50

Vulnerability details

Impact

no bidder has incentive to bid the Auction except doing last-minute MEV due to fixed endBlock

Proof of Concept

The auction of SD Token has a fixed endBlock. bidder(s) would like to get SD Token with least ETH and they are all incentivized to just bid at the last block, leading to loss of protocol principle (during the auction).

    function createLot(uint256 _sdAmount) external override whenNotPaused {
        lots[nextLot].startBlock = block.number;
        lots[nextLot].endBlock = block.number + duration;
        lots[nextLot].sdAmount = _sdAmount;

Genearally, auction with fixed endtime has the known vulnerability of being bidden at the last block, essentially the validator/MEVer who has the ability to slip in transaction at that block has the highest likelihood to get the bid. This basically give them advantage, and would lead to the auction to end at lower price.

Tools Used

Recommended Mitigation Steps

Extend the final endBlock at each bid. This can be activated at the end of 1h for example to ensure the highest bidder can take the auction on a fairly manner.

Assessed type

MEV
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jun 6, 2023
code423n4 added a commit that referenced this issue Jun 6, 2023
@code423n4
0xWaitress issue #70
b904466
@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Jun 10, 2023
@c4-judge
Copy link
Contributor

Picodes marked the issue as primary issue

This was referenced Jun 10, 2023
Closed
Closed
Closed
Closed
Closed
@c4-sponsor c4-sponsor added the sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons label Jun 18, 2023
@c4-sponsor
Copy link

manoj9april marked the issue as sponsor acknowledged

@manoj9april
Copy link

MEV bots are welcome to be bidders.

@manoj9april manoj9april mentioned this issue Jun 20, 2023
Open
@c4-sponsor c4-sponsor added sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue and removed sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons labels Jun 20, 2023
@c4-sponsor
Copy link

manoj9april marked the issue as sponsor disputed

@Picodes
Copy link

Picodes commented Jul 2, 2023
edited
Loading

This is a valid vulnerability in my opinion. MEV are of course welcome to bid but the problem is that the current auction system doesn't allow for a proper price discovery. From a game theory standpoint, no one has any interest in revealing their bid before the end of the auction, and when bidding you tend to not reveal your max bid but try to guess the "second-highest bid". Therefore the current design can quickly lead to a suboptimal final price as someone may have increased its bid given more time.

Note as well that it is currently relatively cheap to censor a transaction for a few blocks by bribing block builders. So with the current design value will may easily be lost trying to censor other bidders or bribing miners to be included.

@c4-judge c4-judge added the selected for report This submission will be included/highlighted in the audit report label Jul 2, 2023
@c4-judge
Copy link
Contributor

c4-judge commented Jul 2, 2023

Picodes marked the issue as selected for report

@manoj9april
Copy link

manoj9april commented Jul 5, 2023
edited
Loading

Yes, We agree with your point.
But for now we would prefer go with current simpler approach and improve based your recommendation in later phases.

I think this should be considered as low severity.

@c4-sponsor c4-sponsor added sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons and removed sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue labels Jul 5, 2023
@c4-sponsor
Copy link

manoj9april marked the issue as sponsor acknowledged

@c4-sponsor
Copy link

manoj9april marked the issue as disagree with severity

@c4-sponsor c4-sponsor added the disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) label Jul 5, 2023
@C4-Staff C4-Staff added the M-13 label Jul 7, 2023
This was referenced Nov 5, 2023
Closed
Closed
@trachevgeorgi trachevgeorgi mentioned this issue Dec 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) edited-by-warden M-13 primary issue Highest quality submission among a set of duplicates selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@manoj9april @Picodes @code423n4 @c4-judge @c4-sponsor @C4-Staff