Auction bidder sanction check #876

Open
wants to merge 6 commits into
base: master

eladmallel
Collaborator

No description provided.

netlify bot commented Dec 19, 2024

Deploy Preview for nouns-home ready!

Name Link
🔨 Latest commit 63626a8
🔍 Latest deploy log https://app.netlify.com/sites/nouns-home/deploys/676ad9d3643ca10008b56908
😎 Deploy Preview https://deploy-preview-876--nouns-home.netlify.app

netlify bot commented Dec 19, 2024

Deploy Preview for nouns-testnet ready!

Name Link
🔨 Latest commit 63626a8
🔍 Latest deploy log https://app.netlify.com/sites/nouns-testnet/deploys/676ad9d347d6f70008a84741
😎 Deploy Preview https://deploy-preview-876--nouns-testnet.netlify.app

@eladmallel eladmallel marked this pull request as ready for review December 24, 2024 16:24
@eladmallel eladmallel changed the title Draft: auction bidder sanction check Auction bidder sanction check Dec 24, 2024

@dmitriia dmitriia left a comment

It looks clean implementation-wise. Some thoughts on the related risks and design implications:

  1. `sanctionsOracle` becomes another point of trust: it can turn rogue, block all other bids by marking the bidders sanctioned (say, just when the `isSanctioned()` request comes from the Auction House, behaving normally otherwise) and keep winning the auctions for non-material amounts until auctions become paused and `sanctionsOracle` gets replaced

  2. There is also a possibility of collusion between an attacker and the `sanctionsOracle` controlling party, which can selectively revert bids when the attacker pursues the auctioned noun, splitting the difference between realized and current market prices

  3. If there is a known algorithm (or even a heuristic that is correct frequently enough) for marking an address sanctioned, say a tx from an already sanctioned address with a value above some threshold makes its recipient sanctioned too, then it can be exploited by any third party that controls the sanctioned address, i.e. they can bid small on each auction, then front-run all the other bids with such a tx from the sanctioned address they control, reverting all the other bids and getting the noun at a depressed price

  4. In order to control for operational mistakes it can be recommended to check Oracle availability, e.g. `require(!sanctionsOracle_.isSanctioned(address(this)), 'Sanctions Oracle malfunction')` on setting the new Oracle in `initialize()` and `setSanctionsOracle()`

  5. A non-malicious `sanctionsOracle` malfunction will freeze auctions: `createBid()` cannot proceed when the `sanctionsOracle_.isSanctioned(account)` call reverts. If the sale without sanctions check is feasible, consider wrapping the call in a try-catch block and placing the Oracle unavailability case logic in the catch section. This paired with (6) can suggest some auction time extension logic (i.e. the Oracle was checked at the start, as (6) suggests, then it became unavailable, so the auction was unavailable too for some time in the middle and should be extended to a degree)

  6. In order to reduce the number of situations when the Oracle was unavailable for a part of the particular auction timeline, so the number of bids and the resulting price were lower due to that only, consider checking the Oracle availability in `_createAuction()` (reverting if the Oracle isn't available) and `_settleAuction()` (if (5) won't be implemented, so `createBid()` fails silently and doesn't affect the auction, there is a lighter alternative: not settling, but extending the auction if the Oracle isn't available on `_settleAuction()`)
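
Added example, not part of the review comment or of this PR's code: a reduced Solidity sketch of points 4 and 5, probing the oracle when it is set and wrapping the per-bid check in try/catch. The contract, the `ISanctionsOracle` interface name, the event, the pull-payment refund and the accept-on-failure policy are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Shape assumed from the isSanctioned(address) call quoted in the review.
interface ISanctionsOracle {
    function isSanctioned(address account) external view returns (bool);
}
// Hypothetical reduced auction; not the contract changed in this PR.
contract GuardedBidSketch {
    ISanctionsOracle public sanctionsOracle;
    address public immutable owner = msg.sender;
    address public bidder;
    uint256 public amount;
    mapping(address => uint256) public refunds;
    event SanctionsOracleUnavailable(address indexed account);

    constructor(ISanctionsOracle oracle_) {
        _setSanctionsOracle(oracle_);
    }

    function setSanctionsOracle(ISanctionsOracle oracle_) external {
        require(msg.sender == owner, "Not owner");
        _setSanctionsOracle(oracle_);
    }

    // Point 4: probe before trusting; a reverting or code-less oracle is rejected.
    function _setSanctionsOracle(ISanctionsOracle oracle_) internal {
        require(!oracle_.isSanctioned(address(this)), "Sanctions Oracle malfunction");
        sanctionsOracle = oracle_;
    }

    function createBid() external payable {
        require(msg.value > amount, "Bid too low");
        // Point 5: an oracle revert lands in catch instead of freezing bidding.
        try sanctionsOracle.isSanctioned(msg.sender) returns (bool sanctioned) {
            require(!sanctioned, "Sanctioned bidder"); // not caught: bid reverts
        } catch {
            // Assumed policy: accept the bid unchecked, leave an on-chain trace.
            emit SanctionsOracleUnavailable(msg.sender);
        }
        refunds[bidder] += amount; // outbid bidder withdraws later (pull payment)
        (bidder, amount) = (msg.sender, msg.value);
    }

    function withdrawRefund() external {
        uint256 owed = refunds[msg.sender];
        refunds[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: owed}("");
        require(ok, "Withdraw failed");
    }
}
```

Solidity's `catch` only handles a revert raised inside the external call: an oracle address without code, or a return value that fails ABI decoding, still reverts `createBid()`. Accepting unchecked bids in the catch branch is one possible policy; rejecting them there restores the freeze described in point 5.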
