search

sherlock-audit / 2024-05-pooltogether-judging

9 stars 5 forks source link

AnasTur - TPDA Dutch Auction Manipulation in PoolTogether V5 #63

Closed sherlock-admin3 closed 3 months ago

sherlock-admin3 commented 3 months ago

AnasTur

medium

TPDA Dutch Auction Manipulation in PoolTogether V5

Summary

The liquidation mechanism in the PoolTogether V5 protocol, implemented in the TpdaLiquidationPair contract, could be exploited by malicious actors to manipulate prices and gain an unfair advantage.

Vulnerability Detail

The TpdaLiquidationPair contract uses a Target Period Dutch Auction (TPDA) to liquidate yield for prize tokens. The auction price is inversely proportional to the time elapsed since the last auction. This mechanism can be exploited by an attacker who can predict or influence the timing of auctions.

By strategically timing their interactions with the contract, an attacker could buy tokens at lower prices than expected, potentially accumulating a significant amount of yield at a reduced cost. This could lead to a loss of yield for the prize pool and ultimately reduce the rewards for legitimate users.

Impact

The impact of this vulnerability is significant as it could undermine the fairness and economic sustainability of the prize pool. If attackers can consistently manipulate the liquidation process, they could drain the yield, reducing the overall value of the prize pool and discouraging participation from legitimate users.

Code Snippet

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-tpda-liquidator/src/TpdaLiquidationPair.sol#L190

function _computePrice() internal view returns (uint192) {
    uint256 elapsedTime = block.timestamp - lastAuctionAt;
    if (elapsedTime == 0) {
        return type(uint192).max;
    }
    uint192 price = uint192((targetAuctionPeriod * lastAuctionPrice) / elapsedTime);

    if (price < MIN_PRICE) {
        price = MIN_PRICE;
    }

    return price;
}

Tool used

Manual Review

Recommendation

Consider implementing a more robust auction mechanism that is less susceptible to manipulation. This could involve using a different pricing algorithm, introducing randomness into the auction timing, or implementing measures to detect and prevent manipulative behavior.

For example, you could use a Vickrey auction, where the highest bidder wins but pays the second-highest bid price. This would incentivize bidders to reveal their true valuation, making it harder for attackers to manipulate the auction.

Alternatively, you could introduce randomness into the auction timing, making it difficult for attackers to predict when the next auction will occur. This could be achieved by using a verifiable random function (VRF) to determine the auction start time.

Finally, you could implement measures to detect and prevent manipulative behavior, such as monitoring for unusual trading patterns or setting limits on the amount of yield that can be purchased in a single transaction.

nevillehuang commented 3 months ago

Invalid, no issue here, it is describing how the dutch auction is intended to work