0xCourtney
commented
1 year ago Open sherlock-admin opened 1 year ago
0xCourtney
commented
1 year ago 
rcstanciu
commented
1 year ago Reply from @arbitrary-CodeBeholder
looks good
ArbitraryExecution
medium
Auction can be ended with large limit order
In the function AuctionInternal._previewWithdraw, the number type(int128).max is used as a sentinel value for deciding whether the auction is canceled. However, an order for all contracts at a price of type(int128).max passes all requires checks for limit orders.
If such an order is placed at the start of the auction, the auction can be finalized and the trader will be refunded the entire amount when the auction is processed or canceled. This effectively prevents the auction from taking place.
Recommendation
Use AuctionStorage.Status instead of sentinel values for determining whether the auction is in the canceled state.