sherlock-audit / 2022-10-astaria-judging

0xRajeev - Outstanding debt is not guaranteed to be covered by auctions #203

Open sherlock-admin opened 2 years ago

sherlock-admin commented 2 years ago

0xRajeev

medium

Outstanding debt is not guaranteed to be covered by auctions

Summary

The best-effort one-time English auction for borrower collateral is not economically efficient to drive auction bids towards reaching the total outstanding debt, which leads to loss of LP funds.

Vulnerability Detail

When any lien against a borrower collateral is not paid within the lien duration, the underlying collateral is put up for auction where bids can come in at any price. The borrower is allowed to cancel the auction if the current bid is lower than the reserve price which is set to the total outstanding debt. The reserve price is not enforced anywhere else. If there are no bids, the liquidator will receive the collateral.

Impact

This auction design of a best-effort one-time English auction is not economically efficient to drive auction bids towards reaching the total outstanding debt which effectively leads to loss of LP funds on unpaid liens.

Code Snippet

  1. https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L210-L217
  2. https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L178-L182

Tool used

Manual Review

Recommendation

Consider alternative auction design mechanisms e.g. a Dutch auction where the auction starts at the reserve price to provide a higher payment possibility to the LPs.
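An added illustration, not code from the Astaria repository or from the finding's author: a small Python model of the settlement rule described under Vulnerability Detail, next to the Dutch auction suggested under Recommendation. The valuations, `min_bid`, `increment`, `floor` and `step` are constructed assumptions; bidders are assumed to bid up to (or buy at) their private valuation, and borrower cancellation is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Outcome:
    sale_price: int     # amount the winner pays (0 if nothing sold)
    shortfall: int      # outstanding debt the sale did not cover
    collateral_to: str  # "bidder" or "liquidator"

def settle(debt: int, price: int, sold: bool) -> Outcome:
    recovered = min(price, debt) if sold else 0
    return Outcome(price if sold else 0, debt - recovered,
                   "bidder" if sold else "liquidator")

def english_auction(debt, valuations, min_bid=1, increment=1):
    """Ascending auction as the finding describes it: bids may come in at any
    price and the reserve (= debt) is not enforced at settlement."""
    vals = sorted((v for v in valuations if v >= min_bid), reverse=True)
    if not vals:
        # No bids: the liquidator receives the collateral, LPs recover nothing.
        return settle(debt, 0, sold=False)
    # A lone bidder faces no competition and wins at the minimum bid; with
    # several bidders the price stops one increment above the runner-up.
    price = min_bid if len(vals) == 1 else min(vals[0], vals[1] + increment)
    return settle(debt, price, sold=True)

def dutch_auction(debt, valuations, floor, step):
    """Descending auction that starts at the reserve (= debt). Assumption: the
    first bidder whose valuation meets the current price buys immediately, and
    an unsold lot goes to the liquidator as in the English case."""
    if step <= 0:
        raise ValueError("step must be positive")
    top = max(valuations, default=0)
    price = debt
    while price >= floor:
        if top >= price:
            return settle(debt, price, sold=True)
        price -= step
    return settle(debt, 0, sold=False)

if __name__ == "__main__":
    # Constructed scenarios: debt of 100 units, varying bidder valuations.
    for vals in ([120], [90, 60], []):
        print(vals, english_auction(100, vals),
              dutch_auction(100, vals, floor=50, step=5))
```

With one interested bidder who values the collateral above the debt, the English model leaves a shortfall of 99 out of 100 while the Dutch model covers the debt in full.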

SantiagoGregory commented 2 years ago

We're switching to a Dutch auction through Seaport.

Evert0x commented 2 years ago

Downgrading to info as it's a protocol design choice.

secureum commented 2 years ago

Escalate for 2 USDC.

This finding is based on current protocol design and implementation (i.e. there was no documentation suggesting their future switch to Dutch auction). Based on the protocol team's response above, they effectively confirm the current design choice (and implementation) to be a serious enough issue that they are changing the protocol design to what is recommended by this finding. Just because it is a design issue does not deem this to be downgraded to informational — design drives implementation and is harder to change. Moving to a Dutch auction, as recommended, will affect significant parts of protocol implementation.

Therefore, we still think this is of Medium severity impact, if not higher.

cc @berndartmueller @lucyoa

sherlock-admin commented 2 years ago

You've created a valid escalation for 2 USDC!

To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

Evert0x commented 2 years ago

Escalation accepted based on comment from Watson

sherlock-admin commented 2 years ago

This issue's escalations have been accepted!

Contestants' payouts and scores will be updated according to the changes made on this issue.