Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: medium
Valid

No check for sequencer uptime can lead to Zeno auctions being executed at lower prices or may result in incomplete auctions

Summary

Because sequencer liveness is never checked, and the protocol will be deployed on any EVM-compatible chain including L2s, Zeno tokens may not be fully sold or may be sold at lower prices than intended.

Vulnerability Details

The Zeno tokens are sold via an auction. The price of these tokens is determined by this linearly decreasing curve:

function getPrice() public view returns (uint256) {
    if (block.timestamp < state.startTime) return state.startingPrice;
    if (block.timestamp >= state.endTime) return state.reservePrice;
    return state.startingPrice - (
        (state.startingPrice - state.reservePrice) *
        (block.timestamp - state.startTime) /
        (state.endTime - state.startTime)
    );
}

And this is the buy function:

function buy(uint256 amount) external whenActive {
    require(amount <= state.totalRemaining, "Not enough ZENO remaining");
    uint256 price = getPrice();
    uint256 cost = price * amount;
    require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
    bidAmounts[msg.sender] += amount;
    state.totalRemaining -= amount;
    state.lastBidTime = block.timestamp;
    state.lastBidder = msg.sender;
    zeno.mint(msg.sender, amount);
    emit ZENOPurchased(msg.sender, amount, price);
}

Look at two things: getPrice() and the whenActive modifier:

modifier whenActive() {
    require(block.timestamp > state.startTime, "Auction not started");
    require(block.timestamp < state.endTime, "Auction ended");
    _;
}

If the sequencer goes down shortly after the start time and comes back online only after the end time, the whenActive modifier rejects every buy() call, so the auction is never completed and totalRemaining is never decreased. If instead the sequencer goes offline as soon as the auction starts and comes back before it ends, block.timestamp has kept advancing while nobody could submit transactions, so getPrice() has decayed along the curve without a single bid; users can then buy the Zeno tokens at a much cheaper price than the auction would otherwise have reached, leading to protocol loss.

Please look at these similar issues:

  1. https://solodit.cyfrin.io/issues/m-3-no-check-for-sequencer-uptime-can-lead-to-dutch-auctions-executing-at-bad-prices-sherlock-none-index-update-git

  2. https://solodit.cyfrin.io/issues/m-3-l2-sequencer-down-will-push-an-auctions-price-down-causing-unfair-liquidation-prices-and-potentially-guaranteeing-bad-debt-sherlock-arcadia-git

Impact

The intended amount of tokens may not be sold or the Zeno tokens can be bought at much cheaper prices.

Tools Used

Manual review

Recommendations

Check sequencer uptime and invalidate the auction if the sequencer was ever down during the auction period.
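One way to implement the recommended check, as an added example that is not part of the original submission or the project's code. It assumes a Chainlink-style L2 Sequencer Uptime Feed whose address is passed to the constructor, a hypothetical GRACE_PERIOD of one hour, and reuses only the startTime/endTime fields of the finding's state struct.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface exposed by the L2 Sequencer Uptime Feed.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80, int256 answer, uint256 startedAt, uint256, uint80);
}

// Hypothetical contract carrying only the fields of the finding's `state` that the check needs.
abstract contract SequencerAwareAuction {
    struct AuctionState {
        uint256 startTime;
        uint256 endTime;
    }

    AuctionState public state;
    AggregatorV3Interface public immutable sequencerUptimeFeed; // uptime feed of the target L2
    uint256 public constant GRACE_PERIOD = 1 hours; // assumed value; tune per deployment

    error SequencerDown();
    error SequencerGracePeriodNotOver();
    error SequencerWasDownDuringAuction(uint256 cameBackAt);

    constructor(address feed) {
        sequencerUptimeFeed = AggregatorV3Interface(feed);
    }

    // Apply to buy() alongside the existing whenActive window check.
    modifier whenSequencerUp() {
        (, int256 answer, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        // Feed semantics: answer == 0 means the sequencer is up, 1 means it is down.
        if (answer != 0) revert SequencerDown();
        // startedAt is when the feed last flipped to "up". Enforce a grace period so the first
        // transactions after a restart cannot grab the price that decayed during the outage.
        if (startedAt == 0 || block.timestamp - startedAt <= GRACE_PERIOD) {
            revert SequencerGracePeriodNotOver();
        }
        // If the sequencer came back up inside the auction window, it was down while getPrice()
        // kept decaying with nobody able to bid: stop further buys so the auction can be
        // cancelled or restarted by the operator (that logic is not shown here).
        if (startedAt > state.startTime && startedAt < state.endTime) {
            revert SequencerWasDownDuringAuction(startedAt);
        }
        _;
    }
}
```

The modifier only guards against outages the feed has reported; an outage that starts after the auction begins and never ends before endTime still needs an operator path to cancel or extend the auction, as the recommendation above implies.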

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Protocol lacks L2 sequencer status checks, allowing transactions to execute at a lower price after downtime in Dutch auctions, or consuming stale prices