Inequitable Settlement Due to Unhandled Capacity Thresholds

Summary

The auction contract cannot handle edge cases where the auction's capacity is barely met or just exceeded, potentially leading to an inequitable settlement.

Vulnerability Detail

Current Implementation: The contract calculates the settlement based on the total capacity and the bids' contribution to filling it.

What Goes Wrong: If the auction's capacity is barely met or slightly exceeded, especially by multiple bids at the marginal price, the settlement logic cannot distribute funds equitably among the winning bidders.

function _getLotMarginalPrice(uint96 lotId_)
    internal
    returns (MarginalPriceResult memory result)
{
    // ... existing code ...
       // If total capacity expended is greater than or equal to the capacity, we have found the marginal price
       // If capacity expended is strictly greater than capacity, then we have a partially filled bid
    // @audit  
    if (result.capacityExpended >= capacity) {
        result.marginalPrice = price;
        result.marginalBidId = bidId;
        if (result.capacityExpended > capacity) {
            result.partialFillBidId = bidId;
        }
        break;
    }

    // ... existing code ...
    // @audit No explicit logic for handling edge cases around capacity thresholds
}

Impact

Potential misallocation of funds due to not properly handling bids around the capacity threshold, affecting the fairness of the auction.

Code Snippet

given above https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/modules/auctions/EMPAM.sol#L689

Tool used

Manual Review

Recommendation

Capacity Handling Logic: Refine the logic in _getLotMarginalPrice and _settle to explicitly handle cases where capacity is barely met or just exceeded.

sherlock-audit / 2024-03-axis-finance-judging

thisvishalsingh - Inequitable Settlement Due to Unhandled Capacity Thresholds #163