code-423n4 / 2022-05-cally-findings


The auction is open for Gas Limit DoS #269

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L32-L34

Vulnerability details

Impact

The NFT owner might try to initiate a withdrawal but fail to do so, and the NFT ends up being sold at an undesired/unexpected price.

Proof of Concept

Alice opens her vault and sets the prices for her valuable NFT. The reserve strike was set to a low value; either Alice was not aware of it or she thinks it will be sold far beyond that price. Bob is a malicious miner; he sees this and intends to buy this NFT at the bottom price, where Alice thinks her BAYC will be sold for far more than that lowest price. Bob can manipulate the gas limit of the blocks and prevent Alice from calling initiateWithdraw or any user from calling buyOption. Finally Bob buys an option at the lowest price and exercises it in the same block.

Reference

Tools Used

Manual Review

Recommended Mitigation Steps

The team might consider to structure part of the contract functions as off-chain.

outdoteth commented 2 years ago

This attack only makes sense if profit > cost to spam

Assuming that the strike is ITM, then the value of the dutch auction at blocknumber+1 must be greater than the value at blocknumber+2 by a greater amount than the average fees per block.

It only makes sense to do this attack if (while the option is ITM):

strike(t_0) - strike(t_1) > cost per block to spam

This is quite unlikely so long as a reasonable reserveStrike and startingStrike are set. The alternative curve presented here further reduces the feasibility of this attack: https://github.com/code-423n4/2022-05-cally-findings/issues/165
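As an added illustration of the profitability condition stated in the comment above (this is not code from the Cally project or from either commenter), the model below assumes a linear dutch auction that decays from startingStrike to reserveStrike over a fixed number of blocks; the curve shape, the ETH figures and the per-block spam cost are constructed assumptions, useful when choosing a reserveStrike/startingStrike pair rather than as a description of Cally's own curve.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LinearDutchAuction:
    """Assumed model: strike falls linearly from starting_strike to
    reserve_strike over `duration` blocks, then stays at the reserve.
    Cally's real curve may differ; this is only for reasoning about the
    'drop per block vs. cost to spam a block' condition."""
    starting_strike: float  # ETH
    reserve_strike: float   # ETH
    duration: int           # blocks until the reserve is reached

    def strike(self, blocks_elapsed: int) -> float:
        if blocks_elapsed >= self.duration:
            return self.reserve_strike
        span = self.starting_strike - self.reserve_strike
        return self.starting_strike - span * blocks_elapsed / self.duration


def per_block_drop(auction: LinearDutchAuction, t: int) -> float:
    """strike(t_0) - strike(t_1) for consecutive blocks t and t+1."""
    return auction.strike(t) - auction.strike(t + 1)


def stall_is_profitable(auction: LinearDutchAuction, t: int, cost_per_block: float) -> bool:
    """The condition from the thread: stalling one more block only pays
    if the strike drops by more than it costs to fill that block."""
    return per_block_drop(auction, t) > cost_per_block


def best_stall(auction: LinearDutchAuction, market_value: float,
               cost_per_block: float, max_blocks: int) -> tuple[int, float]:
    """Risk-assessment view: if buyers are kept out for n blocks, the option is
    bought at strike(n) and the stall has cost n * cost_per_block.
    Returns (n, net gain) for the n that maximises the gain; n == 0 is the
    'no stall' baseline, so a result of 0 means stalling never pays."""
    best_n, best_gain = 0, market_value - auction.strike(0)
    for n in range(1, max_blocks + 1):
        gain = market_value - auction.strike(n) - n * cost_per_block
        if gain > best_gain:
            best_n, best_gain = n, gain
    return best_n, best_gain


# Constructed figures: a 100 ETH -> 10 ETH auction, NFT worth 120 ETH (ITM),
# and 0.5 ETH assumed as the cost of filling one block with spam.
SLOW = LinearDutchAuction(100.0, 10.0, duration=1000)  # 0.09 ETH per block
FAST = LinearDutchAuction(100.0, 10.0, duration=30)    # 3 ETH per block
```

With the slow curve `best_stall(SLOW, 120.0, 0.5, 60)` stays at the no-stall baseline, while the fast curve rewards stalling all the way to the reserve, which is the gap a reasonable startingStrike/reserveStrike pair is meant to close.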

HardlyDifficult commented 2 years ago

DoS is an inherent risk with smart contracts; this is not a unique issue presented by the Cally implementation. With this in mind I'm downgrading to a 1 (Low) and grouping with the warden's QA report #267