Summary
`Zeno::getPrice()` implements a gradual Dutch auction: the price of the asset being auctioned (the Zeno asset) decreases as time passes, giving buyers more leverage to purchase the Zeno asset at a fair price that they are willing to pay in USDC. However, this also creates an opportunity for malicious MEV bots to exploit the user through MEV (maximal extractable value).
Vulnerability Details
To explain this, let us define some parameters:
1. startingPrice: 100 Zeno = 100 USDC
2. reservePrice: 100 Zeno = 50 USDC
3. startTime of the auction = 1700000000
4. endTime of the auction = 1700003600 (the auction should last for 1 hour)
Alice buys 100 Zeno tokens 30 minutes after the start of the auction (timestamp = 1700001800).
From the calculation in the `getPrice()` function, Alice should pay 75 USDC for 100 Zeno tokens at that point. A malicious MEV bot can, however, hold this transaction for another 5 minutes before it is sent. The cost of 100 Zeno tokens after 35 minutes (the original 30 minutes plus the 5 minutes the malicious MEV bot held the transaction) is therefore 70.83 USDC. In this example, the bot will exploit `4.17` USDC from the user.
Impact
The `Auction::buy` function calls `Auction::getPrice()`, which returns the price of the asset based on the time remaining in the auction; the price of the Zeno asset decreases with time until it reaches the `reservePrice` (once the auction's time has elapsed).
```solidity
function getPrice() public view returns (uint256) {
    if (block.timestamp < state.startTime) return state.startingPrice;
    if (block.timestamp >= state.endTime) return state.reservePrice;
    // @>> price falls linearly with the time elapsed since startTime
    return state.startingPrice - (
        (state.startingPrice - state.reservePrice) *
        (block.timestamp - state.startTime) /
        (state.endTime - state.startTime)
    );
}
```
When a user calls `buy`, a malicious MEV bot can hold the transaction and wait for some amount of time to pass in order to extract value from the user.
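The pricing formula and the 30-minute/35-minute scenario above, modelled as an added example (not the project's code): it mirrors `getPrice()` with Solidity-style floor division in USDC base units (6 decimals), measures how far the price drifts when a pending `buy` is included later than the timestamp the buyer priced it at, and adds a `deadline` check as an assumed hardening that the report itself does not propose.

```python
# Added model of the Dutch-auction pricing in this report; not the project's code.
# Amounts are USDC base units (6 decimals) so the integer maths matches Solidity.
from dataclasses import dataclass
from typing import Optional

USDC = 10**6  # 1 USDC in base units


@dataclass(frozen=True)
class AuctionState:
    starting_price: int  # price of the full 100 Zeno lot (constructed: 100 USDC)
    reserve_price: int   # floor price reached at end_time (constructed: 50 USDC)
    start_time: int
    end_time: int


def get_price(state: AuctionState, timestamp: int) -> int:
    """Linear Dutch-auction price, floor-divided exactly like the Solidity."""
    if timestamp < state.start_time:
        return state.starting_price
    if timestamp >= state.end_time:
        return state.reserve_price
    return state.starting_price - (
        (state.starting_price - state.reserve_price)
        * (timestamp - state.start_time)
        // (state.end_time - state.start_time)
    )


def price_drift(state: AuctionState, submitted_at: int, included_at: int) -> int:
    """How much the price the buyer saw differs from the price actually charged."""
    return get_price(state, submitted_at) - get_price(state, included_at)


def buy_with_deadline(state: AuctionState, now: int, deadline: int) -> Optional[int]:
    """Assumed hardening (hypothetical, not in the audited contract): bound how long
    a buy may sit pending. Returns the charged price, or None where a contract
    would revert because the transaction was included after `deadline`."""
    if now > deadline:
        return None
    return get_price(state, now)


# Constructed auction matching the report's parameters.
ZENO_AUCTION = AuctionState(100 * USDC, 50 * USDC, 1_700_000_000, 1_700_003_600)

if __name__ == "__main__":
    t30 = 1_700_001_800          # Alice signs and submits her buy
    t35 = t30 + 5 * 60           # the bot lets it through 5 minutes later
    print(get_price(ZENO_AUCTION, t30) / USDC)        # 75.0
    print(get_price(ZENO_AUCTION, t35) / USDC)        # 70.833334
    print(price_drift(ZENO_AUCTION, t30, t35) / USDC) # 4.166666
    print(buy_with_deadline(ZENO_AUCTION, t35, t30 + 60))  # None: rejected
```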
Tools Used
Manual review, Remix IDE
Recommendations
Consider reworking the auction system implementation and evaluating which approach best fits the design of the protocol.