2019-01-14 08:36:47 +00:00
|
|
|
.. index:: auction;blind, auction;open, blind auction, open auction
|
|
|
|
|
|
|
|
*************
|
|
|
|
Blind Auction
|
|
|
|
*************
|
|
|
|
|
2019-12-13 15:19:49 +00:00
|
|
|
In this section, we will show how easy it is to create a completely blind
|
|
|
|
auction contract on Ethereum. We will start with an open auction where
|
|
|
|
everyone can see the bids that are made and then extend this contract into a
|
|
|
|
blind auction where it is not possible to see the actual bid until the bidding
|
2019-01-14 08:36:47 +00:00
|
|
|
period ends.
|
|
|
|
|
|
|
|
.. _simple_auction:
|
|
|
|
|
|
|
|
Simple Open Auction
|
|
|
|
===================
|
|
|
|
|
2019-12-13 15:19:49 +00:00
|
|
|
The general idea of the following simple auction contract is that everyone can
|
|
|
|
send their bids during a bidding period. The bids already include sending money
|
|
|
|
/ Ether in order to bind the bidders to their bid. If the highest bid is
|
2021-02-16 12:09:58 +00:00
|
|
|
raised, the previous highest bidder gets their money back. After the end of
|
2019-12-13 15:19:49 +00:00
|
|
|
the bidding period, the contract has to be called manually for the beneficiary
|
|
|
|
to receive their money - contracts cannot activate themselves.
|
2019-01-14 08:36:47 +00:00
|
|
|
|
2021-06-25 10:25:29 +00:00
|
|
|
.. code-block:: solidity
|
2019-01-14 08:36:47 +00:00
|
|
|
|
2020-05-13 15:45:58 +00:00
|
|
|
// SPDX-License-Identifier: GPL-3.0
|
2021-02-08 17:13:28 +00:00
|
|
|
pragma solidity ^0.8.4;
|
2019-01-14 08:36:47 +00:00
|
|
|
contract SimpleAuction {
|
|
|
|
// Parameters of the auction. Times are either
|
|
|
|
// absolute unix timestamps (seconds since 1970-01-01)
|
|
|
|
// or time periods in seconds.
|
|
|
|
address payable public beneficiary;
|
|
|
|
uint public auctionEndTime;
|
|
|
|
|
|
|
|
// Current state of the auction.
|
|
|
|
address public highestBidder;
|
|
|
|
uint public highestBid;
|
|
|
|
|
|
|
|
// Allowed withdrawals of previous bids
|
|
|
|
mapping(address => uint) pendingReturns;
|
|
|
|
|
|
|
|
// Set to true at the end, disallows any change.
|
|
|
|
// By default initialized to `false`.
|
|
|
|
bool ended;
|
|
|
|
|
|
|
|
// Events that will be emitted on changes.
|
|
|
|
event HighestBidIncreased(address bidder, uint amount);
|
|
|
|
event AuctionEnded(address winner, uint amount);
|
|
|
|
|
2021-02-08 17:13:28 +00:00
|
|
|
// Errors that describe failures.
|
|
|
|
|
|
|
|
// The triple-slash comments are so-called natspec
|
|
|
|
// comments. They will be shown when the user
|
|
|
|
// is asked to confirm a transaction or
|
|
|
|
// when an error is displayed.
|
|
|
|
|
|
|
|
/// The auction has already ended.
|
|
|
|
error AuctionAlreadyEnded();
|
|
|
|
/// There is already a higher or equal bid.
|
|
|
|
error BidNotHighEnough(uint highestBid);
|
|
|
|
/// The auction has not ended yet.
|
|
|
|
error AuctionNotYetEnded();
|
|
|
|
/// The function auctionEnd has already been called.
|
|
|
|
error AuctionEndAlreadyCalled();
|
2019-01-14 08:36:47 +00:00
|
|
|
|
2021-08-10 18:55:45 +00:00
|
|
|
/// Create a simple auction with `biddingTime`
|
2019-01-14 08:36:47 +00:00
|
|
|
/// seconds bidding time on behalf of the
|
2021-08-10 18:55:45 +00:00
|
|
|
/// beneficiary address `beneficiaryAddress`.
|
2019-01-14 08:36:47 +00:00
|
|
|
constructor(
|
2021-08-10 18:55:45 +00:00
|
|
|
uint biddingTime,
|
|
|
|
address payable beneficiaryAddress
|
2020-06-23 16:11:34 +00:00
|
|
|
) {
|
2021-08-10 18:55:45 +00:00
|
|
|
beneficiary = beneficiaryAddress;
|
|
|
|
auctionEndTime = block.timestamp + biddingTime;
|
2019-01-14 08:36:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Bid on the auction with the value sent
|
|
|
|
/// together with this transaction.
|
|
|
|
/// The value will only be refunded if the
|
|
|
|
/// auction is not won.
|
2021-08-10 10:39:41 +00:00
|
|
|
function bid() external payable {
|
2019-01-14 08:36:47 +00:00
|
|
|
// No arguments are necessary, all
|
|
|
|
// information is already part of
|
|
|
|
// the transaction. The keyword payable
|
|
|
|
// is required for the function to
|
|
|
|
// be able to receive Ether.
|
|
|
|
|
|
|
|
// Revert the call if the bidding
|
|
|
|
// period is over.
|
2021-02-08 17:13:28 +00:00
|
|
|
if (block.timestamp > auctionEndTime)
|
|
|
|
revert AuctionAlreadyEnded();
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
// If the bid is not higher, send the
|
2021-02-08 17:13:28 +00:00
|
|
|
// money back (the revert statement
|
2019-12-12 14:09:09 +00:00
|
|
|
// will revert all changes in this
|
|
|
|
// function execution including
|
|
|
|
// it having received the money).
|
2021-02-08 17:13:28 +00:00
|
|
|
if (msg.value <= highestBid)
|
|
|
|
revert BidNotHighEnough(highestBid);
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
if (highestBid != 0) {
|
|
|
|
// Sending back the money by simply using
|
|
|
|
// highestBidder.send(highestBid) is a security risk
|
|
|
|
// because it could execute an untrusted contract.
|
|
|
|
// It is always safer to let the recipients
|
|
|
|
// withdraw their money themselves.
|
|
|
|
pendingReturns[highestBidder] += highestBid;
|
|
|
|
}
|
|
|
|
highestBidder = msg.sender;
|
|
|
|
highestBid = msg.value;
|
|
|
|
emit HighestBidIncreased(msg.sender, msg.value);
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Withdraw a bid that was overbid.
|
2021-08-10 10:39:41 +00:00
|
|
|
function withdraw() external returns (bool) {
|
2019-01-14 08:36:47 +00:00
|
|
|
uint amount = pendingReturns[msg.sender];
|
|
|
|
if (amount > 0) {
|
|
|
|
// It is important to set this to zero because the recipient
|
|
|
|
// can call this function again as part of the receiving call
|
|
|
|
// before `send` returns.
|
|
|
|
pendingReturns[msg.sender] = 0;
|
|
|
|
|
2022-01-07 15:01:13 +00:00
|
|
|
// msg.sender is not of type `address payable` and must be
|
|
|
|
// explicitly converted using `payable(msg.sender)` in order
|
|
|
|
// use the member function `send()`.
|
2020-12-03 22:05:05 +00:00
|
|
|
if (!payable(msg.sender).send(amount)) {
|
2019-01-14 08:36:47 +00:00
|
|
|
// No need to call throw here, just reset the amount owing
|
|
|
|
pendingReturns[msg.sender] = amount;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/// End the auction and send the highest bid
|
|
|
|
/// to the beneficiary.
|
2021-08-10 10:39:41 +00:00
|
|
|
function auctionEnd() external {
|
2019-01-14 08:36:47 +00:00
|
|
|
// It is a good guideline to structure functions that interact
|
|
|
|
// with other contracts (i.e. they call functions or send Ether)
|
|
|
|
// into three phases:
|
|
|
|
// 1. checking conditions
|
|
|
|
// 2. performing actions (potentially changing conditions)
|
|
|
|
// 3. interacting with other contracts
|
|
|
|
// If these phases are mixed up, the other contract could call
|
|
|
|
// back into the current contract and modify the state or cause
|
|
|
|
// effects (ether payout) to be performed multiple times.
|
|
|
|
// If functions called internally include interaction with external
|
|
|
|
// contracts, they also have to be considered interaction with
|
|
|
|
// external contracts.
|
|
|
|
|
|
|
|
// 1. Conditions
|
2021-02-08 17:13:28 +00:00
|
|
|
if (block.timestamp < auctionEndTime)
|
|
|
|
revert AuctionNotYetEnded();
|
|
|
|
if (ended)
|
|
|
|
revert AuctionEndAlreadyCalled();
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
// 2. Effects
|
|
|
|
ended = true;
|
|
|
|
emit AuctionEnded(highestBidder, highestBid);
|
|
|
|
|
|
|
|
// 3. Interaction
|
|
|
|
beneficiary.transfer(highestBid);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Blind Auction
|
|
|
|
=============
|
|
|
|
|
2019-12-13 15:19:49 +00:00
|
|
|
The previous open auction is extended to a blind auction in the following. The
|
|
|
|
advantage of a blind auction is that there is no time pressure towards the end
|
|
|
|
of the bidding period. Creating a blind auction on a transparent computing
|
|
|
|
platform might sound like a contradiction, but cryptography comes to the
|
|
|
|
rescue.
|
|
|
|
|
|
|
|
During the **bidding period**, a bidder does not actually send their bid, but
|
|
|
|
only a hashed version of it. Since it is currently considered practically
|
|
|
|
impossible to find two (sufficiently long) values whose hash values are equal,
|
|
|
|
the bidder commits to the bid by that. After the end of the bidding period,
|
2022-09-28 10:32:42 +00:00
|
|
|
the bidders have to reveal their bids: They send their values unencrypted, and
|
2019-12-13 15:19:49 +00:00
|
|
|
the contract checks that the hash value is the same as the one provided during
|
|
|
|
the bidding period.
|
|
|
|
|
|
|
|
Another challenge is how to make the auction **binding and blind** at the same
|
|
|
|
time: The only way to prevent the bidder from just not sending the money after
|
|
|
|
they won the auction is to make them send it together with the bid. Since value
|
|
|
|
transfers cannot be blinded in Ethereum, anyone can see the value.
|
|
|
|
|
|
|
|
The following contract solves this problem by accepting any value that is
|
|
|
|
larger than the highest bid. Since this can of course only be checked during
|
|
|
|
the reveal phase, some bids might be **invalid**, and this is on purpose (it
|
2022-09-28 10:32:42 +00:00
|
|
|
even provides an explicit flag to place invalid bids with high-value
|
2019-12-13 15:19:49 +00:00
|
|
|
transfers): Bidders can confuse competition by placing several high or low
|
|
|
|
invalid bids.
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
|
2021-06-25 10:25:29 +00:00
|
|
|
.. code-block:: solidity
|
2021-07-14 17:32:42 +00:00
|
|
|
:force:
|
2019-01-14 08:36:47 +00:00
|
|
|
|
2020-05-13 15:45:58 +00:00
|
|
|
// SPDX-License-Identifier: GPL-3.0
|
2021-02-08 17:13:28 +00:00
|
|
|
pragma solidity ^0.8.4;
|
2019-01-14 08:36:47 +00:00
|
|
|
contract BlindAuction {
|
|
|
|
struct Bid {
|
|
|
|
bytes32 blindedBid;
|
|
|
|
uint deposit;
|
|
|
|
}
|
|
|
|
|
|
|
|
address payable public beneficiary;
|
|
|
|
uint public biddingEnd;
|
|
|
|
uint public revealEnd;
|
|
|
|
bool public ended;
|
|
|
|
|
|
|
|
mapping(address => Bid[]) public bids;
|
|
|
|
|
|
|
|
address public highestBidder;
|
|
|
|
uint public highestBid;
|
|
|
|
|
|
|
|
// Allowed withdrawals of previous bids
|
|
|
|
mapping(address => uint) pendingReturns;
|
|
|
|
|
|
|
|
event AuctionEnded(address winner, uint highestBid);
|
|
|
|
|
2021-02-08 17:13:28 +00:00
|
|
|
// Errors that describe failures.
|
|
|
|
|
|
|
|
/// The function has been called too early.
|
|
|
|
/// Try again at `time`.
|
|
|
|
error TooEarly(uint time);
|
|
|
|
/// The function has been called too late.
|
|
|
|
/// It cannot be called after `time`.
|
|
|
|
error TooLate(uint time);
|
|
|
|
/// The function auctionEnd has already been called.
|
|
|
|
error AuctionEndAlreadyCalled();
|
|
|
|
|
|
|
|
// Modifiers are a convenient way to validate inputs to
|
|
|
|
// functions. `onlyBefore` is applied to `bid` below:
|
|
|
|
// The new function body is the modifier's body where
|
|
|
|
// `_` is replaced by the old function body.
|
2021-08-10 18:55:45 +00:00
|
|
|
modifier onlyBefore(uint time) {
|
|
|
|
if (block.timestamp >= time) revert TooLate(time);
|
2021-02-08 17:13:28 +00:00
|
|
|
_;
|
|
|
|
}
|
2021-08-10 18:55:45 +00:00
|
|
|
modifier onlyAfter(uint time) {
|
|
|
|
if (block.timestamp <= time) revert TooEarly(time);
|
2021-02-08 17:13:28 +00:00
|
|
|
_;
|
|
|
|
}
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
constructor(
|
2021-08-10 18:55:45 +00:00
|
|
|
uint biddingTime,
|
|
|
|
uint revealTime,
|
|
|
|
address payable beneficiaryAddress
|
2020-06-23 16:11:34 +00:00
|
|
|
) {
|
2021-08-10 18:55:45 +00:00
|
|
|
beneficiary = beneficiaryAddress;
|
|
|
|
biddingEnd = block.timestamp + biddingTime;
|
|
|
|
revealEnd = biddingEnd + revealTime;
|
2019-01-14 08:36:47 +00:00
|
|
|
}
|
|
|
|
|
2021-08-10 18:55:45 +00:00
|
|
|
/// Place a blinded bid with `blindedBid` =
|
2019-01-14 08:36:47 +00:00
|
|
|
/// keccak256(abi.encodePacked(value, fake, secret)).
|
|
|
|
/// The sent ether is only refunded if the bid is correctly
|
|
|
|
/// revealed in the revealing phase. The bid is valid if the
|
|
|
|
/// ether sent together with the bid is at least "value" and
|
|
|
|
/// "fake" is not true. Setting "fake" to true and sending
|
|
|
|
/// not the exact amount are ways to hide the real bid but
|
|
|
|
/// still make the required deposit. The same address can
|
|
|
|
/// place multiple bids.
|
2021-08-10 18:55:45 +00:00
|
|
|
function bid(bytes32 blindedBid)
|
2021-08-10 10:39:41 +00:00
|
|
|
external
|
2019-01-14 08:36:47 +00:00
|
|
|
payable
|
|
|
|
onlyBefore(biddingEnd)
|
|
|
|
{
|
|
|
|
bids[msg.sender].push(Bid({
|
2021-08-10 18:55:45 +00:00
|
|
|
blindedBid: blindedBid,
|
2019-01-14 08:36:47 +00:00
|
|
|
deposit: msg.value
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Reveal your blinded bids. You will get a refund for all
|
|
|
|
/// correctly blinded invalid bids and for all bids except for
|
|
|
|
/// the totally highest.
|
|
|
|
function reveal(
|
2021-08-10 18:55:45 +00:00
|
|
|
uint[] calldata values,
|
|
|
|
bool[] calldata fakes,
|
|
|
|
bytes32[] calldata secrets
|
2019-01-14 08:36:47 +00:00
|
|
|
)
|
2021-08-10 10:39:41 +00:00
|
|
|
external
|
2019-01-14 08:36:47 +00:00
|
|
|
onlyAfter(biddingEnd)
|
|
|
|
onlyBefore(revealEnd)
|
|
|
|
{
|
|
|
|
uint length = bids[msg.sender].length;
|
2021-08-10 18:55:45 +00:00
|
|
|
require(values.length == length);
|
|
|
|
require(fakes.length == length);
|
|
|
|
require(secrets.length == length);
|
2019-01-14 08:36:47 +00:00
|
|
|
|
|
|
|
uint refund;
|
|
|
|
for (uint i = 0; i < length; i++) {
|
|
|
|
Bid storage bidToCheck = bids[msg.sender][i];
|
|
|
|
(uint value, bool fake, bytes32 secret) =
|
2021-08-10 18:55:45 +00:00
|
|
|
(values[i], fakes[i], secrets[i]);
|
2019-01-14 08:36:47 +00:00
|
|
|
if (bidToCheck.blindedBid != keccak256(abi.encodePacked(value, fake, secret))) {
|
|
|
|
// Bid was not actually revealed.
|
|
|
|
// Do not refund deposit.
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
refund += bidToCheck.deposit;
|
|
|
|
if (!fake && bidToCheck.deposit >= value) {
|
|
|
|
if (placeBid(msg.sender, value))
|
|
|
|
refund -= value;
|
|
|
|
}
|
|
|
|
// Make it impossible for the sender to re-claim
|
|
|
|
// the same deposit.
|
|
|
|
bidToCheck.blindedBid = bytes32(0);
|
|
|
|
}
|
2020-12-03 22:05:05 +00:00
|
|
|
payable(msg.sender).transfer(refund);
|
2019-01-14 08:36:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Withdraw a bid that was overbid.
|
2021-08-10 10:39:41 +00:00
|
|
|
function withdraw() external {
|
2019-01-14 08:36:47 +00:00
|
|
|
uint amount = pendingReturns[msg.sender];
|
|
|
|
if (amount > 0) {
|
|
|
|
// It is important to set this to zero because the recipient
|
|
|
|
// can call this function again as part of the receiving call
|
|
|
|
// before `transfer` returns (see the remark above about
|
|
|
|
// conditions -> effects -> interaction).
|
|
|
|
pendingReturns[msg.sender] = 0;
|
|
|
|
|
2020-12-03 22:05:05 +00:00
|
|
|
payable(msg.sender).transfer(amount);
|
2019-01-14 08:36:47 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// End the auction and send the highest bid
|
|
|
|
/// to the beneficiary.
|
|
|
|
function auctionEnd()
|
2021-08-10 10:39:41 +00:00
|
|
|
external
|
2019-01-14 08:36:47 +00:00
|
|
|
onlyAfter(revealEnd)
|
|
|
|
{
|
2021-02-08 17:13:28 +00:00
|
|
|
if (ended) revert AuctionEndAlreadyCalled();
|
2019-01-14 08:36:47 +00:00
|
|
|
emit AuctionEnded(highestBidder, highestBid);
|
|
|
|
ended = true;
|
|
|
|
beneficiary.transfer(highestBid);
|
|
|
|
}
|
2019-12-13 15:19:49 +00:00
|
|
|
|
|
|
|
// This is an "internal" function which means that it
|
|
|
|
// can only be called from the contract itself (or from
|
|
|
|
// derived contracts).
|
|
|
|
function placeBid(address bidder, uint value) internal
|
|
|
|
returns (bool success)
|
|
|
|
{
|
|
|
|
if (value <= highestBid) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (highestBidder != address(0)) {
|
|
|
|
// Refund the previously highest bidder.
|
|
|
|
pendingReturns[highestBidder] += highestBid;
|
|
|
|
}
|
|
|
|
highestBid = value;
|
|
|
|
highestBidder = bidder;
|
|
|
|
return true;
|
|
|
|
}
|
2020-05-05 08:56:31 +00:00
|
|
|
}
|