code-423n4 / 2023-12-revolutionprotocol-findings


Lack of sequencer uptime check can lead to unfair bidding order and delay the settlement of auctions #720

Open c4-bot-1 opened 8 months ago

c4-bot-1 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/AuctionHouse.sol#L171-L200

Vulnerability details

Impact

Without ensuring the sequencer's uptime or validating the transaction order, there is a risk of transaction reordering and delayed settlement of auctions. This could allow someone to manipulate the order in which bids are placed or settled. For instance, an attacker could potentially front-run bids, impacting the fairness and outcome of the auction. Also see https://github.com/sherlock-audit/2023-06-Index-judging/issues/40: lack of sequencer uptime may negatively impact English auctions, as I have described, as well as Dutch auctions.

Tools Used

Manual Review

Recommended Mitigation Steps

Determine the maximum tolerable delay for the sequencer and invalidate the auction if the sequencer was down for the maximum tolerable delay or more during the auction period.

Assessed type

Other
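As an added illustration of the recommended mitigation (not code from the Revolution Protocol repository or from the warden's report), the sketch below uses Chainlink's L2 Sequencer Uptime Feed as the assumed data source for "was the sequencer down during the auction"; the contract and function names, the grace period, and the assumption that feed round ids are consecutive are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal subset of Chainlink's AggregatorV3Interface (real signatures).
interface AggregatorV3Interface {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
    function getRoundData(uint80 _roundId) external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical guard: an auction house would inherit this and call
/// _requireNoDisqualifyingOutage(auction.startTime) at the top of settlement.
abstract contract SequencerOutageGuard {
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    uint256 public immutable maxTolerableDowntime; // the report's "maximum tolerable delay"
    uint256 public constant GRACE_PERIOD = 1 hours; // assumed: let bidders re-sync after a restart

    error SequencerDown();
    error GracePeriodNotOver(uint256 secondsSinceUp);
    error AuctionInvalidatedBySequencerOutage(uint256 outageSeconds);

    constructor(address feed, uint256 maxDowntime) {
        sequencerUptimeFeed = AggregatorV3Interface(feed);
        maxTolerableDowntime = maxDowntime;
    }

    /// Seconds of the most recent outage clipped to [auctionStart, now], or 0 if the
    /// feed shows no outage overlapping the auction. Feed semantics: answer == 0 is
    /// "up", 1 is "down"; startedAt is when the current status began. Assumes round
    /// ids are consecutive (true within a single feed phase; a phase change breaks it).
    function _outageDuringAuction(uint80 roundId, uint256 upSince, uint256 auctionStart)
        internal view returns (uint256)
    {
        if (upSince <= auctionStart || roundId == 0) return 0; // last outage ended before the auction
        (, int256 prevAnswer, uint256 downSince, , ) = sequencerUptimeFeed.getRoundData(roundId - 1);
        if (prevAnswer == 0) return 0;                        // no "down" round precedes the "up" round
        uint256 from = downSince > auctionStart ? downSince : auctionStart; // clip to auction window
        return upSince - from;
    }

    function _requireNoDisqualifyingOutage(uint256 auctionStart) internal view {
        (uint80 roundId, int256 answer, uint256 upSince, , ) = sequencerUptimeFeed.latestRoundData();
        if (answer != 0) revert SequencerDown();              // still down: do not settle now
        uint256 sinceUp = block.timestamp - upSince;
        if (sinceUp < GRACE_PERIOD) revert GracePeriodNotOver(sinceUp);
        uint256 outage = _outageDuringAuction(roundId, upSince, auctionStart);
        if (outage >= maxTolerableDowntime) revert AuctionInvalidatedBySequencerOutage(outage);
    }
}
```

The caller decides what "invalidate" means for its auction (refund the highest bid and restart, or extend the end time); this guard only makes the settlement path refuse to finalize an auction whose bidding window overlapped an outage of the configured length or longer.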

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as primary issue

raymondfam commented 8 months ago

QA low.

c4-judge commented 8 months ago

MarioPoneder changed the severity to QA (Quality Assurance)

c4-judge commented 8 months ago

MarioPoneder marked the issue as grade-b