vnavascues / auction-platform Goto Github PK

At the moment an auction can only be ended (i.e. endAuction()) if the following criteria is met:

• The message sender who calls endAuction() is the owner of the auction (checked by onlyAuctionOwner() modifier).
• The given auction has not already ended.
• The auction deadline is past (i.e. block.timestamp >= auction.blockDeadline).

It would be great to automatise the end of an auction (and more) with Chainlink, but still allow the auction owner to manually finish it.

Early draft

1. New Chainlinked contract (i.e. ChainlinkedContract):

• It must inherit from ChainlinkClient and Ownable (for transferring the ownership of some methods to AuctionRepository).
• request():
  • Protected by onlyOwner modifier.
  • Arguments: oracle address, job ID, payment?, callback address, callback function signature, and timestamp (auction block deadline).
  • Request adapter: Sleep.
• validateChainlinkCallback(): given the chosen design pattern (AuctionRepository.sol does not inherit from ChainlinkClient.sol). AuctionRepository must be protected against malicious callers (e.g. check both sender and requestId).
  • Arguments: requestId.
  • Protected by onlyOwner modifier.
• cancelRequest():
  • Arguments: requestId, payment, callback function signature, expiration.
  • Protected by onlyOwner modifier.
• withdrawLink(): TBC
  • Protected by onlyOwner modifier.

2. AuctionRepository.sol contract:

• initialize():
  • Initialise the trusted ChainlinkedContract and store its reference within the contract.
  • Transfer its ownership to the contract address.
  • Store the oracle address and the jobId within the contract.
  • LINK (token) address?
• createAuction():
  • Call the ChainlinkedContract.request() with:
    • auction.blockDeadline - block.timestamp as a delta unit. Double check this.
    • this.address as a _callbackAddress.
    • endAuction() as a _callbackFunctionSignature.
    • payment?
  • Store the request ID and the auction ID in a mapping (i.e. mapping(bytes32 => uint256) private requestIdAuctionId).
• endAuction():
  • Use a new access modifier that only allows access to the auction owner and ChainlinkedContract.
  • Check against ChainlinkedContract.validateChainlinkCallback().
  • Remove the requestIdAuctionId mapping entry.
• cancelAuction():
  • Beware of the 5 minutes requirement .
  • Remove the requestIdAuctionId mapping entry.
  • Call ChainlinkedContract.cancelRequest().
• cancelledRequestFulfill(): TBC, transfer link back to the auction owner.
• updateOracleAddress()
• updateJobId()

Open questions

• Contracts design: create a specific Chainlinked contract as described (composition) above or make AuctionRepository.sol inherit from ChainlinkClient? (inheritance). Furthermore the design must be compatible with the AuctionRepository.sol upgradeable capabilities (via OpenZeppelin upgradeable contracts).
• Adapter: is the sleep adapter "built-in" one or do I have to ask a node operator to list it? It seems not avaiable right now.
• LINK payment/withdrawal: find the best way to fund the Chainlinked contract, and to withdraw the LINK after cancelling an auction. Important.
• endAuction(): what happens if the auction owner ends the auction before the Chainlink job response? The same block could have the owner and the job tx, making one of them revert. Important.
• cancelAuction(): instead of allowing the auction owner to withdraw the funds, an alternative would be to integrate VRF and make a lottery among the bidders (if there aren't either do not penalise the owner or add them to a lottery pot).

References

Chainlink API Reference
Chainlink alarms
Sleep adapter
OZ Upgradeable Contracts
OZ Upgradeable Contracts + Chainlinked 1
OZ Upgradeable Contracts + Chainlinked 2

Below a list of known issues. Not all of them will be addressed due to the nature/status of the app (learning purposes):

• AuctionRepository.sol is a type of auction room that offers no protection against front-running attacks (being the displacement the most relevant here). No strategies like limits (e.g. gas, bid % variation), commit-reveal schema or submarine sends have been adopted.
• User cases tests on testnet will require a delayed execution.
• The app is not fully decentralised. The contracts are OZ Upgradeable owned by a single address.
• Contracts have not been gas optimised.
• Contracts emit too many events (waiting the frontend requirements).

By preventing a bidder to bid twice in a row, a displacement front-running "attack" can be mitigated.

        if (bidsLength == 0) {
            require(msg.value > auction.startPrice, "Bid below starting price");
        } else {
            currentBid = auctionBids[_auctionId][bidsLength - 1];
            require(msg.sender != currentBid.from, "Consecutive bids");  // Add this statement expression
            require(msg.value > currentBid.price, "Bid below current bid");
        }