0xJem
commented
2 months ago A few over-arching issues/comments:
-
For purchases in the AtomicAuctionHouse, a purchase has a buyer (msg.sender), but can specify a different recipient.
- The call to
_sendPayout()on line 194 uses recipient value, but does not check if it is the zero address. Should probably make this consistent.
- The call to
-
Is there a need for "purchase on behalf of" with atomic purchases, along the same lines? e.g. with zapping, wouldn't
msg.senderof the call to AtomicAuctionHouse be the zapping contract? Even if the recipient were specified, if the auction lot has an allowlist that hasrecipient,msg.senderwon't equal that and therefore won't be able to purchase. Or shouldrecipientbe checked against the allowlist? -
For the proposed changes,
bidderwould need to be on a callback allowlist, not themsg.sender, which seems correct. -
For both bid and purchase, I think we need to document that the payment (quote tokens) will always be pulled from
msg.sender, regardless of the value ofrecipient/bidder.
Per discussion in this thread about "zapping" into auctions, I realized we had not added support to specify a recipient other than
msg.senderin the BatchAuctionHouse even though this functionality is in the AtomicAuctionHouse. This is important for integrations with other systems, which may route user's bids for them. This doesn't work in the same way though since the payout is not sent in the same transaction. Instead, we have to make it so callers can "bid on behalf of" another address. The designated bidder then receives all refunds and payouts (they are the owner of the bid). If a bidder is not specified (address zero), then we assume the caller is the bidder.Tasks