This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
0xTheC0der - New auction rebalance can be started before previous one concluded or duration elapsed #22
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
0xTheC0der
medium
New auction rebalance can be started before previous one concluded or duration elapsed
Summary
New auction rebalance can be started before previous one concluded or duration elapsed, leading to potential DoS of bids or limited bidder loss.
Vulnerability Detail
The manager of a
SetToken
can call AuctionRebalanceModuleV1.startRebalance(...) at any time, i.e. starting a new rebalance auction before the previous one concluded (met targets, early unlock) or its duration elapsed.Thereby many auction parameters can be changed (overwriting the previous ones), like: components, price adapters, quote asset, rebalance duration and initial position multiplier. However, even if all those parameters are kept the same, the rebalance start time is still updated, see L275, which tampers with non-constant price adapter's price computation, see L806, when creating a bid.
Impact
Starting a new auction with different parameters or specifically front-running a bid can lead to the following consequences:
SetToken
unlock due to additional increase of rebalance duration.Keep in mind, that a bidder has the option to preview the potential outcomes of a bid with AuctionRebalanceModuleV1.getBidPreview(...) which even solidifies the severity of this issue, since the bidder is led to believe that everything is working as intended and therefore subsequently calls AuctionRebalanceModuleV1.bid(...) which still can be front-run by AuctionRebalanceModuleV1.startRebalance(...) to cause the above impacts.
Code Snippet
The following PoC modifies an existing test case and demonstrates how front-running a bid by starting a new rebalance auction incurs a loss for the bidder. Just apply the diff below and run the test with
npx hardhat test test/protocol/modules/v1/auctionRebalanceModuleV1.spec.ts
.Tool used
Manual Review
Recommendation
Enforce a reasonable upper limit on the rebalance duration and only allow a new rebalance auction to be started when the previous one elapsed or has concluded (met targets, early unlock).
The text was updated successfully, but these errors were encountered: