Dutch auctions allow the protocol to sell assets at a time based decreasing price, which means means the longer the auction the lower the price.
This kind of model presents some risk if the sequencer on L2 chains fails to work properly after the auction has been fired.
Impact
The impact is financial, dutch auctions will be less profitable for the protocol.
Proof of Concept
Given that the price during dutch auctions is based on how much time has passed since the start.
uint192 price = _price(uint48(block.timestamp));
A network outage can be quite damaging to any actors providing liquidity to the system.
Consider the following scenario.
A 30 min long dutch auction start
The network experiences an outage, causing the sequencer to go offline.
45 min later the network is back
A fast actor bids on the dutch auction sitting now at the worst price
Auction settles.
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/plugins/trading/DutchTrade.sol#L91
Vulnerability details
Dutch auctions allow the protocol to sell assets at a time based decreasing price, which means means the longer the auction the lower the price. This kind of model presents some risk if the sequencer on L2 chains fails to work properly after the auction has been fired.
Impact
The impact is financial, dutch auctions will be less profitable for the protocol.
Proof of Concept
Given that the price during dutch auctions is based on how much time has passed since the start.
A network outage can be quite damaging to any actors providing liquidity to the system.
Consider the following scenario.
A 30 min long dutch auction start The network experiences an outage, causing the sequencer to go offline. 45 min later the network is back A fast actor bids on the dutch auction sitting now at the worst price Auction settles.
Tools Used
Manuel reviews
Recommended Mitigation Steps
With the use of Chainlinks sequencer uptime feeds, negate auctions that have been taking place while an outage.
Assessed type
Other