outdoteth
commented
2 years ago further context for the quote
Closed code423n4 closed 2 years ago
outdoteth
commented
2 years ago further context for the quote
outdoteth
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L419
Vulnerability details
Impact
The protocol depends on the mentioned function decrementing to 0 or to the reserveStrike(if any is set by the seller of the option). After testing the efficiency of of getDutchAuctionStrike (), it will return a value lower than the reserveStrike 2-3hrs prior to the auctionEndTimestamp. Which is clearly unfavourable to a seller, as they would want to be on the higher end of the reserveStrike (the least in the worst case that a seller would take).
Proof of Concept
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L419
Tools Used
Manual Analysis
Recommended Mitigation Steps
This is what was mentioned to #out.eth to which he agreed "I'm trying to figure out a work around but I think you need a time frame in which it will be reduced by.Where you have the progress variable, you'll need a fixed time by which you want it to be reduced. Every x mins, x amount will be reduced such that we arrive at the reserveStrike."