Seller can skip low rate bidders #104
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-194
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-11-size/blob/706a77e585d0852eae6ba0dca73dc73eb37f8fb6/src/SizeSealed.sol#L256
Vulnerability details
Impact
Let k1 be the seller's private key and k2 the private key of a bidder.
The shared point between them is (G^k2)^k1 = (G^k1)^k2, where G^k2 is the bidder's public key. So the shared point equals (public key of the bidder)^(private key of the seller), which the seller can compute from his own private key and the public key each bidder publishes with the bid. That means the seller can decrypt every bid price during the bidding phase, before the reveal stage. The bid function does block the seller's own address, but the seller can place a bid from another address with full knowledge of everyone else's prices.
So the seller can outbid low-price bidders to raise his income, and those bidders do not receive the base tokens they expected, because the seller knew their prices.
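The key derivation described above, as an added example that is not part of the original finding or of the SizeSealed contract. It uses pure-Python secp256k1 arithmetic, and the sealing scheme (SHA-256 of the shared point's x coordinate, XORed over a 32-byte big-endian quote amount) is an assumption standing in for whatever the contract actually does; the private keys and bid amounts are constructed values. The point it shows is that the seller needs nothing beyond his own private key and the bidder's public key to open every sealed bid.

```python
"""Added example: a seller opening sealed bids from (bidder pubkey)^(seller privkey).

Not project code. Curve arithmetic is plain secp256k1; the sealing scheme is an
assumption chosen only to make the shared-point symmetry concrete.
"""
import hashlib

# secp256k1 domain parameters (public curve constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                      # p1 == -p2
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def derive_key(shared_point):
    """Assumed KDF: SHA-256 over the x coordinate of the shared point."""
    x, _ = shared_point
    return hashlib.sha256(x.to_bytes(32, "big")).digest()


def seal_bid(bidder_priv, seller_pub, quote_amount):
    """Bidder side: shared point = (seller pubkey)^(bidder privkey), then XOR."""
    key = derive_key(ec_mul(bidder_priv, seller_pub))
    plain = quote_amount.to_bytes(32, "big")
    return bytes(a ^ b for a, b in zip(plain, key))


def seller_open_bid(seller_priv, bidder_pub, sealed):
    """Seller side: the same point from (bidder pubkey)^(seller privkey)."""
    key = derive_key(ec_mul(seller_priv, bidder_pub))
    return int.from_bytes(bytes(a ^ b for a, b in zip(sealed, key)), "big")


# Constructed keys and amounts for the walk-through (not real auction data).
SELLER_PRIV = 0x1111111111111111111111111111111111111111111111111111111111111111
ALICE_PRIV = 0x2222222222222222222222222222222222222222222222222222222222222222
BOB_PRIV = 0x3333333333333333333333333333333333333333333333333333333333333333


def seller_reads_all_bids():
    """Return the quote amounts the seller recovers before the reveal stage."""
    seller_pub = ec_mul(SELLER_PRIV, G)
    bids = {"Alice": (ALICE_PRIV, 2), "Bob": (BOB_PRIV, 1)}
    opened = {}
    for name, (priv, quote) in bids.items():
        bidder_pub = ec_mul(priv, G)          # published alongside the bid
        sealed = seal_bid(priv, seller_pub, quote)
        opened[name] = seller_open_bid(SELLER_PRIV, bidder_pub, sealed)
    return opened


if __name__ == "__main__":
    print(seller_reads_all_bids())
```

Nothing in `seller_open_bid` is secret to the seller: the bidder's public key travels with the bid, and the seller's private key is his own, so the "sealed" amounts are readable by him as soon as they are submitted.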
Proof of Concept
Let us say totalBaseAmount = 2 for an auction, and there are two bids.
Alice:
quoteAmount = 2, baseAmount = 1
Bob:
quoteAmount = 1, baseAmount = 1
The clearing price is 1, so the seller receives 2 quote tokens for 2 base tokens. But the seller knows both prices during the auction, so he can place another bid to improve his income.
Seller (using another address):
quoteAmount = 2, baseAmount = 1
Now the clearing price is 2. The seller's own bid spends 2 quote tokens and receives 1 base token, while the auction pays him 4 quote tokens for 2 base tokens. Net, he receives 2 quote tokens for only 1 base token: the same quote proceeds as before for half the base tokens.
Bob's bid is not filled, because the seller knew his price before the auction ended.
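The clearing arithmetic from the proof of concept, as an added example that is not the contract's own clearing code. `clear_auction` assumes a uniform-price auction cleared at the lowest filled bid's price, with bids filled from the highest price down and partial fills at the margin; `seller_aliases` is a hypothetical parameter used only to net the seller's own shill bid out of his proceeds. The bid tuples are the constructed values from the text.

```python
"""Added example: seller proceeds with and without a shill bid placed from
knowledge of the sealed prices. Simplified model, not the SizeSealed logic."""
from fractions import Fraction


def clear_auction(total_base, bids, seller_aliases=()):
    """bids: iterable of (name, quote_amount, base_amount).

    Returns the clearing price, per-bid fills, and the seller's net flows after
    subtracting any bids he placed himself under the given alias names.
    """
    ranked = sorted(bids, key=lambda b: Fraction(b[1], b[2]), reverse=True)
    remaining = total_base
    fills = {}
    clearing = None
    for name, quote, base in ranked:
        fill = min(base, remaining)
        fills[name] = fill
        if fill > 0:
            clearing = Fraction(quote, base)   # lowest filled price so far
            remaining -= fill
        if remaining == 0:
            break                              # everything below goes unfilled
    for name, _, _ in ranked:
        fills.setdefault(name, 0)

    base_sold = total_base - remaining
    quote_in = base_sold * clearing if clearing is not None else 0
    # The seller's aliased bids pay quote and receive base back to himself.
    alias_base = sum(fills[a] for a in seller_aliases if a in fills)
    alias_quote = alias_base * clearing if clearing is not None else 0
    return {
        "clearing_price": clearing,
        "fills": fills,
        "seller_base_out": base_sold - alias_base,
        "seller_quote_in": quote_in - alias_quote,
    }


# Constructed bids from the proof of concept.
HONEST_BIDS = [("Alice", 2, 1), ("Bob", 1, 1)]
SHILL_BID = ("seller-alias", 2, 1)


def compare_outcomes(total_base=2):
    """Honest clearing versus clearing after the seller front-runs Bob's price."""
    honest = clear_auction(total_base, HONEST_BIDS)
    shill = clear_auction(total_base, HONEST_BIDS + [SHILL_BID],
                          seller_aliases=("seller-alias",))
    return honest, shill


if __name__ == "__main__":
    for label, outcome in zip(("honest", "with shill bid"), compare_outcomes()):
        print(label, outcome)
```

In the honest run the seller gives up 2 base for 2 quote at a clearing price of 1; with the shill bid the clearing price becomes 2, Bob's fill drops to 0, and the seller nets the same 2 quote for a single base token.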
Tools Used
Manual Review
Recommended Mitigation Steps
Use a scheme in which the seller cannot learn bidders' prices before the auction ends.