Overview
This document proposes a change to the Money on Chain (MoC) protocol flow related to the use of Reverse Auction contracts.
Info: This does not affect the stablecoin protocol, it only affects the MOC flow.
A security issue has been identified in one of the existing Reverse Auction contracts, where an attacker was able to exploit a Flash Loan–based price manipulation attack to interfere with the purchase price of MOC tokens.
Warning: The full technical details of the attack and its execution is documented in this separate post.
Problem Statement
The detected vulnerability allows an attacker to:
- Take a flash loan
- Perform a typical sandwich attack by manipulating on‑chain prices
- Buy and sell MOC tokens within the same transaction
- Extract profit from the price difference created by the manipulation
Because current Reverse Auction contracts rely on spot prices at execution time, they are vulnerable to short‑lived price distortions caused by flash loans.
Proposed Changes
1. Replace All Reverse Auction Contracts
All existing Reverse Auction contracts will be fully replaced by a new version with enhanced price‑control mechanisms.
The new Reverse Auction contracts will:
- Enforce swap execution prices using a TWAP (Time‑Weighted Average Price) algorithm
- Use an external price source resistant to short‑term manipulation
- Prevent swaps from executing outside an acceptable price range
This approach makes flash loan–based price manipulation economically unviable.
2. Reconfigure Dependent Contracts
All contracts currently wired to the output of existing Reverse Auctions (such as buffers and splitters) must be reconfigured to reference the newly deployed Reverse Auction contracts.
No legacy Reverse Auction contracts will remain connected in the protocol flow.
3. Route Optimization and Multi‑Hop Support
The new Reverse Auction implementation supports multi‑hop swap paths, enabling routing optimizations.
As a result:
- The total number of Reverse Auctions in the flow will be reduced from 5 to 4
- Swap paths will be updated accordingly
4. Removal of the Unwrapper Contract
The current Unwrapper contract will no longer be required.
The new Reverse Auction contracts are capable of:
- Handling outputs directly in basecoin
- Eliminating the need for a separate unwrapping step
This simplifies the overall contract topology and reduces operational complexity.
5. Protocol Registry Update
The protocol Registry will be updated to:
- Remove references to all legacy Reverse Auction contract addresses
- Register the addresses of the newly deployed Reverse Auction contracts
This ensures that all protocol components resolve to the upgraded infrastructure.
6. Execution Threshold Adjustment
Execution thresholds of the legacy Reverse Auction contracts being replaced will be lowered to zero.
This measure ensures that:
- No funds remain trapped in deprecated contracts
- All remaining balances can be safely drained or migrated
7. Governance Process
As with all protocol‑level changes, this proposal will be submitted to a governance vote within the Money on Chain governance system.
Upon approval, deployment and reconfiguration will be executed following standard upgrade procedures.
Summary
This proposal strengthens the Money on Chain protocol against flash loan–based price manipulation attacks by:
- Replacing all Reverse Auction contracts with TWAP‑protected versions
- Simplifying routing through multi‑hop support
- Removing unnecessary components
- Updating registries and execution thresholds
- Preserving decentralization through governance approval
The proposed changes significantly improve security, robustness, and maintainability of the Reverse Auction flow.
General flow diagram
This is a simplified diagram to provide an overview.
Diagram showing only contracts related to vulnerable Reverse auctions
Focused solely on contracts that need to be updated, discarded, or rewired.
Diagram with the proposed upgrade
This diagram shows how Flow will look after the change.
Reverse Auction that will be replaced
| Path | Address |
|---|---|
WRBTC → RIF |
0x2ae2…5b2f |
RIF → WRBTC |
0x3533…f1e0 |
WRBTC → MOC |
0xc886…d508 |
MOC → WRBTC |
0xbe9b…393d |
MOC → WRBTC |
0x73e9…17f3 |
Contracts that will no longer be used
| Name | Address |
|---|---|
Unwrapper |
0x957F…188D |
New Reverse Auction
| # | Path | Address |
|---|---|---|
| 1 | RBTC → MOC |
0x42E2…fd59 |
| 2 | RIF → WRBTC → MOC |
0x323f…4809 |
| 3 | MOC → RBTC |
0xcd1D…1542 |
| 4 | MOC → WRBTC → RIF |
0xd3D1…e065 |
Contracts whose output will be rewired
| Type | Address |
|---|---|
Commission splitter |
0x1149…B0fD |
Commission splitter |
0x6C22…f948 |
Commission splitter |
0x60cE…6E47 |
Commission splitter |
0x9C66…5851 |
Buffer |
0x7002…453A |
Buffer |
0x09A8…CC30 |
Technical procedure
In order to fix these contracts a change contract must be deployed and it will be necessary go through the voting process to make the changes.
The changer contract to vote would be:
| Name | Address (and link to verified code in RSK blockscout explorer) |
|---|---|
SetNewReverseAuction |
0xf900643c9E78923fA83fdD00288dE5Bcb346bE67 |
Call to MOC holders: