code-423n4 / 2023-05-particle-findings


Lender can front-run calls to `auctionBuyNft()` to DoS auctions #25

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-particle/blob/main/contracts/protocol/ParticleExchange.sol#L654

Vulnerability details

Lender can front-run calls to auctionBuyNft() to DoS auctions

Lenders can DoS auction offers by resetting the auction process.

Impact

The Particle protocol allows lenders to auction their loans in case any interested party wants to repay the NFT of the loan. The process is started by the lender by calling startLoanAuction() which updates the auctionStartTime field of the lien and initiates the auction process which lasts for 24 hours (_AUCTION_DURATION).

During this timeframe, anyone can call auctionBuyNft() to accept the offer. This function validates that the auction is started and not expired using the auctionLive modifier.

https://github.com/code-423n4/2023-05-particle/blob/main/contracts/protocol/ParticleExchange.sol#L771-L780

```solidity
771:     modifier auctionLive(Lien calldata lien) {
772:         if (lien.auctionStartTime == 0) {
773:             revert Errors.AuctionNotStarted();
774:         }
775: 
776:         if (block.timestamp > lien.auctionStartTime + _AUCTION_DURATION) {
777:             revert Errors.AuctionEnded();
778:         }
779:         _;
780:     }
```

The lender can also stop the auction process by calling stopLoanAuction(), which resets the auctionStartTime value to zero. This means that the lender can front-run calls to auctionBuyNft() by using stopLoanAuction() to reset the timestamp to zero. This will make the checks in auctionLive fail, causing the auctionBuyNft() transaction to be reverted.

A malicious lender can then use this issue to block auction offers and then restart the process again, and repeat the attack if needed, with the intention of letting the auction expire so they can call withdrawEthWithInterest() to liquidate the borrower.

Proof of concept

  1. Lender initiates auction process by calling startLoanAuction().
  2. Offerer submits transaction to call auctionBuyNft().
  3. Lender front-runs transaction and calls stopLoanAuction().
  4. Offerer transaction is reverted as the auction process is not running.
  5. Lender can reinitiate the auction process by calling startLoanAuction() again.

Recommendation

If the stop auction functionality isn't essential to the protocol, stopLoanAuction() can be removed in order to let the auction proceed without being interrupted. Otherwise, some limitations can be applied to either when or how frequently stopLoanAuction() can be called in order to mitigate the described attack.

Assessed type

DoS

hansfriese commented 1 year ago

Not sure what the motivation is for the lender to disturb auctionBuyNft. Will leave it open for the sponsor's review for now but am likely to downgrade to QA.

hansfriese commented 1 year ago

This report is similar to #16 in the sense of DoS but lacks impact analysis. Likely to apply partial credits.

c4-judge commented 1 year ago

hansfriese marked the issue as satisfactory

c4-judge commented 1 year ago

hansfriese marked the issue as duplicate of #16

c4-judge commented 1 year ago

hansfriese changed the severity to 3 (High Risk)

wukong-particle commented 1 year ago

Not exactly a duplicate of https://github.com/code-423n4/2023-05-particle-findings/issues/16 because this is not using addCredit to realize the DoS attack. Over here, the attacker (the lender) doesn't really benefit economically from the attack (if they don't want the auction to end, then why start the auction in the first place?).

c4-sponsor commented 1 year ago

wukong-particle marked the issue as sponsor disputed

c4-judge commented 1 year ago

hansfriese changed the severity to 2 (Med Risk)

c4-judge commented 1 year ago

hansfriese marked the issue as not a duplicate

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Invalid

wukong-particle commented 1 year ago

We added a minimum auction time of 1 hour to mitigate situations related to this issue: https://github.com/code-423n4/2023-05-particle-findings/issues/40
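As an added illustration (not ParticleExchange code), the hypothetical sketch below condenses the auction state machine from the report and applies the minimum-auction-window mitigation the sponsor describes: stopLoanAuction() reverts until _MIN_AUCTION_DURATION (assumed to be the 1 hour mentioned in this thread) has elapsed, so an auctionBuyNft() submitted inside that window cannot be front-run into an AuctionNotStarted revert. The contract name, the mapping-based Lien storage, the error names and the omitted lien creation and settlement logic are all assumptions of this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch, not ParticleExchange code: lien auction with a
// minimum auction window before the lender may stop it.
contract LienAuctionSketch {
    uint256 internal constant _AUCTION_DURATION = 24 hours;    // from the report
    uint256 internal constant _MIN_AUCTION_DURATION = 1 hours; // value from the thread (assumed)

    struct Lien {
        address lender;
        uint256 auctionStartTime; // 0 means no auction is running
    }
    mapping(uint256 => Lien) public liens; // lienId => Lien; lien creation omitted

    error AuctionNotStarted();
    error AuctionEnded();
    error AuctionAlreadyStarted();
    error AuctionMinimumNotElapsed();
    error Unauthorized();

    modifier onlyLender(uint256 lienId) {
        if (msg.sender != liens[lienId].lender) revert Unauthorized();
        _;
    }

    // Same two checks as the report's auctionLive modifier.
    modifier auctionLive(uint256 lienId) {
        uint256 start = liens[lienId].auctionStartTime;
        if (start == 0) revert AuctionNotStarted();
        if (block.timestamp > start + _AUCTION_DURATION) revert AuctionEnded();
        _;
    }

    function startLoanAuction(uint256 lienId) external onlyLender(lienId) {
        if (liens[lienId].auctionStartTime != 0) revert AuctionAlreadyStarted();
        liens[lienId].auctionStartTime = block.timestamp;
    }

    // Mitigation: a stop within the first _MIN_AUCTION_DURATION reverts, so a
    // buy submitted in that window cannot be front-run into AuctionNotStarted.
    function stopLoanAuction(uint256 lienId) external onlyLender(lienId) {
        uint256 start = liens[lienId].auctionStartTime;
        if (start == 0) revert AuctionNotStarted();
        if (block.timestamp < start + _MIN_AUCTION_DURATION) revert AuctionMinimumNotElapsed();
        liens[lienId].auctionStartTime = 0;
    }

    function auctionBuyNft(uint256 lienId) external payable auctionLive(lienId) {
        liens[lienId].auctionStartTime = 0; // settlement omitted; the auction closes here
    }
}
```

The guard bounds rather than removes the lender's ability to reset: once _MIN_AUCTION_DURATION has passed, a stop followed by a fresh start is possible again, so the window is the length of time a pending buy is guaranteed a live auction.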

romeroadrian commented 1 year ago

> Not sure what the motivation is for the lender to disturb auctionBuyNft. Will leave it open for the sponsor's review for now but am likely to downgrade to QA.

@hansfriese the main idea here is that the lender can artificially inflate the auction price by blocking the calls and restarting the process. This can be motivated by different reasons:

wukong-particle commented 1 year ago

OK, this was a bit convoluted, but if I understand what the attack is trying to do, there are 3 points: (1) the lender wants to liquidate and get ETH, (2) the lender wants to also get all interest, (3) NFT asks from the open market only show up during the auction.

(3) is there because, note, the borrower can execute an NFT buy (with any price within max spendable) at any time, even during the auction. The lender might DoS (3) by sandwiching with startAuction and stopAuction, as pointed out by https://github.com/code-423n4/2023-05-particle-findings/issues/40 and fixed with https://github.com/Particle-Platforms/particle-exchange-protocol/pull/28 (1 hour min auction window).

But to achieve (1) and (2), I think the lender can simply watch from the sidelines without creating an auction.

hansfriese commented 1 year ago

@romeroadrian As the sponsor commented, this attack is not likely to happen due to several reasons. The lender does not need to spend gas to start/stop auctions and front-run the ask orders. He can just sit back and wait until the accrued interest becomes as much as he wants. More importantly, the buyer can always repay with NFT even during the auction.

With the above being said, I believe this issue is invalid.