Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Fixed `1:1` Redemption Ratio Breaks Auction Price Dynamics in ZENO Token Auction

0x23r0

Summary

The Auction contract mints ZENO tokens on the auction price, while the ZENO token contract redeems tokens at a fixed 1:1 ratio with USDC. This discrepancy enables buyers to incur significant losses or exploit arbitrage opportunities, thereby breaking the intended economic model of the auction.

Vulnerability Details

When a buyer participates in the auction, the buy function calculates the cost based on the price and then mints amount ZENO tokens to the buyer:

function buy(uint256 amount) external whenActive {

require(amount <= state.totalRemaining, "Not enough ZENO remaining");

uint256 price = getPrice();

@>> uint256 cost = price * amount;

require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");

bidAmounts[msg.sender] += amount;

state.totalRemaining -= amount;

state.lastBidTime = block.timestamp;

state.lastBidder = msg.sender;

@>> zeno.mint(msg.sender, amount);

emit ZENOPurchased(msg.sender, amount, price);

}

Here, the auction price is only used to determine the USDC cost, not to adjust the number of tokens minted.

Redemption Logic in ZENO Contract:
In the ZENO contract, tokens are redeemed for USDC on a 1:1 basis:

_burn(msg.sender, amount);
USDC.safeTransfer(msg.sender, amount);
This means that regardless of the auction price at which the tokens were minted, each token will always be redeemed for 1 USDC.
Resulting Discrepancy:
There is a fundamental mismatch between the auction price and the redemption ratio. Buyers who purchase tokens at a higher auction price are guaranteed to redeem tokens at a much lower value.

Proof-of-Concept (POC)

Scenario 1: Low Auction Price

Auction Parameters:
- Auction price: 10 USDC per token.
- Buyer purchases: 1 token.
Auction Execution:

Cost calculated: 10 USDC x 1 = 10 USDC
- 1 ZENO token is minted.
Redemption Outcome:
- Redemption transfers 1 USDC for the token.
- Net Result: Buyer loses 10 - 1 = 9 USDC per token.

Scenario 2: High Auction Price

Auction Parameters:
- Auction price: 100 USDC per token.
- Buyer purchases: 1 token.
Auction Execution:
- Cost calculated: 100 USDC x 1 = 100 USDC
- 1 ZENO token is minted.
Redemption Outcome:
- Redemption transfers 1 USDC for the token.
- Net Result: Buyer loses 100 - 1 = 99 USDC per token.

In both scenarios, the buyer redeems tokens at a fixed 1:1 ratio (1 USDC per token), regardless of the auction price, causing significant financial loss.

Impact

Buyers paying a premium in the auction will experience massive losses upon redemption due to the fixed 1:1 redemption ratio.

Tools Used

Manual Review

Recommendations

Adjust the Auction contract's minting mechanism so that the number of ZENO tokens minted reflects the auction price.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

ZENO.sol implements fixed 1:1 redemption with USDC regardless of auction purchase price, breaking zero-coupon bond economics and causing user funds to be permanently lost

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!