search

sherlock-audit / 2024-03-axis-finance-judging

1 stars 0 forks source link

Honour - Atomic auctions suspicious of blockchain reorg attack #246

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 6 months ago

Honour

medium

Atomic auctions suspicious of blockchain reorg attack

Summary

Atomic auctions(in this case FPAM) might be vulnerable to blockchain reorg attacks on mainnet

Vulnerability Detail

The lotId of auctions are determined by incrementing the lotCounter https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/bases/Auctioneer.sol#L194 As an example : A seller sends a transaction(transaction-A in Block-A) that creates an auction and returns a lotId A buyer then sends a purchase transaction (transaction-B in Block-B) using the lotId due to a reorg the block-A is dropped , An attacker can front-run transaction-B to create an auction of an undesired/lower valued token

Impact

Auction buyer could end up purchasing unwanted/valueless tokens

Code Snippet

function purchase(
        PurchaseParams memory params_,
        bytes calldata callbackData_
    ) external override nonReentrant returns (uint96 payoutAmount) {
        _isLotValid(params_.lotId);

// wait period assertion here before purchase logic

        // Load routing data for the lot
        Routing storage routing = lotRouting[params_.lotId];

Tool used

Manual Review

Recommendation

inclusion of a wait period or number of elapsed blocks before auctions can be purchased

nevillehuang commented 5 months ago

Invalid based on sherlock rules

  1. Chain re-org and network liveness related issues are not considered valid.