Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Circuit DAO>High findings>Mistakes in auction-collateral calculations
GeneralOverview
Findings
Critical (4)
High (7)Incorrect STATUTES_MAX_IDX for statutes mutationMistakes in auction-collateral calculationsOutlier resolution--logic bugsUnverified solution parameters in announcer_registry could lead to loss of rewardsUnverified solution parameters in recharge_win could lead to loss of tokensMissing timestamp validation in collateral vaultUnverified MIN_DEPOSIT value
Medium (1)
Low (1)
Informational (3)
DiscussionVote aggregationTreasury-ring correctness relies on governanceConfusion of atom-announcer identityOracle-resolution votingTest code coverage
DesignDesign overviewThe statues coinGovernanceAtom announcerAnnouncer registryOracleTreasuryRecharge auctionSurplus auctionCollateral vaultSavings vaultBYC and CRT
Audit ResultsAssessment Results
Category: Coding Mistakes

Mistakes in auction-collateral calculations

High Severity
High Impact
High Likelihood

Description

The puzzle vault_keeper_bid.clsp allows keepers to place bids on the collateral in a vault that is being liquidated. The keepers provide the bid amount in BYC, and this amount is used to calculate the collateral amount returned to the bidder based on the current auction price. The auction price is calculated based on the time that has passed since the start of the auction and the price-decrease factor.

The amount of collateral returned should thus be equal to the byc_bid_amount divided by the current price after reduction, and the current price after reduction should be calculated as price reduced per interval * total intervals, which when expanded, results in the following formula:

So finally, the formula to calculate collateral comes out to be

where 10/MOJOS is for unit conversion. To compare, the calculation of bid_xch_collateral_amount_pre in the puzzle is as follows:

bid_xch_collateral_amount_pre (/
  (*
    (/
      (* byc_bid_amount PRECISION)
      (*
        (- start_price
            (* ; current price factor
              (/
                (*
                  start_price
                  step_price_decrease_factor
                )
                PERCENT_PRECISION
              )
              ; current price
              (/ (- current_timestamp auction_start_time) step_time_interval)
            )
        )
        10
      )
    )
    MOJOS)
  PRECISION
)

That is, it multiplies the numeration by an extra start_price and divides by an extra PERCENT_PRECISION before subtracting it from start_price, which should not be there.

Impact

The calculation of collateral to be returned to the user is incorrect, which will lead to incorrect accounting and potentially loss of funds.

Recommendations

We recommend changing the code of the puzzle by removing the extra start_price and PERCENT_PRECISION from the calculation.

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 1102b793.

Zellic © 2025Back to top ↑