Open c4-bot-1 opened 8 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
QA low.
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/AuctionHouse.sol#L171-L200
Vulnerability details
Impact
Without ensuring the sequencer's uptime or validating the transaction order, there's a risk of transaction reordering and delay of the settlement of auctions. This could allow someone to manipulate the order in which bids are placed or settled. For instance, an attacker could potentially front-run bids, impacting the fairness and outcome of the auction. Also see: https://github.com/sherlock-audit/2023-06-Index-judging/issues/40; lack of sequencer uptime may negatively impact English auctions as I have described, as well as Dutch auctions.
Tools Used
Manual Review
Recommended Mitigation Steps
Determine the maximum tolerable delay for the sequencer and invalidate the auction if the sequencer was down for the maximum tolerable delay or more during the auction period.
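One way to implement this mitigation, added here as an example and not code from the Revolution Protocol repository: it assumes a Chainlink-style L2 sequencer uptime feed at an assumed address, and because that feed only reports when the current status began (not when an outage started), the outage length is bounded from above by the gap since the auction last saw a healthy sequencer, so the check is deliberately conservative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface as exposed by the L2 sequencer
// uptime feeds: answer == 0 means up, 1 means down; startedAt is when the
// current status began.
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80, int256 answer, uint256 startedAt, uint256, uint80);
}

contract SequencerAwareAuction {
    AggregatorV3Interface public immutable uptimeFeed; // feed address: assumed
    uint256 public immutable maxTolerableDelay;        // e.g. 1 hours
    struct Auction { uint256 startTime; uint256 endTime; uint256 lastSeenUp; bool invalidated; }
    Auction public auction;
    event AuctionInvalidated(uint256 outageEndedAt, uint256 outageUpperBound);

    constructor(address feed, uint256 delay, uint256 duration) {
        uptimeFeed = AggregatorV3Interface(feed);
        maxTolerableDelay = delay;
        auction = Auction(block.timestamp, block.timestamp + duration, block.timestamp, false);
    }

    // Run on every bid and on settlement. Reverts while the sequencer is down.
    // If the feed shows the sequencer came back up after this auction last saw
    // it healthy, an outage happened in between; the feed does not say when it
    // began, so (since - lastSeenUp) is an upper bound on its length.
    function _observeSequencer() internal returns (bool stillValid) {
        (, int256 answer, uint256 since, , ) = uptimeFeed.latestRoundData();
        require(answer == 0, "sequencer down");
        Auction storage a = auction;
        if (a.invalidated) return false;
        if (since > a.lastSeenUp && since - a.lastSeenUp >= maxTolerableDelay) {
            a.invalidated = true;
            emit AuctionInvalidated(since, since - a.lastSeenUp);
            return false;
        }
        a.lastSeenUp = block.timestamp; // healthy observation during the auction
        return true;
    }

    function createBid() external payable {
        require(block.timestamp < auction.endTime, "auction ended");
        require(_observeSequencer(), "auction invalidated");
        // bid bookkeeping as in AuctionHouse.createBid would follow here
    }

    function settleAuction() external {
        require(block.timestamp >= auction.endTime, "auction still running");
        if (!_observeSequencer()) return; // refund the highest bidder instead of settling
        // normal settlement would follow here
    }
}
```

Watching for the AuctionInvalidated event off-chain gives operators a direct signal that settlement was withheld because of sequencer downtime rather than a contract fault.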
Assessed type
Other