Summary
This proposal upgrades the Auction House contract to V3, adding sanctions compliance by checking bidders against the Chainalysis Sanctions List oracle. Bids from sanctioned addresses will be rejected. This upgrade is essential for complying with OFAC sanctions requirements, as recommended by our legal advisors, as part of becoming a Wyoming DUNA.
The oracle is a non-upgradeable contract that tracks sanctioned addresses. It is a free public good, and Chainalysis frequently updates the sanctioned accounts list with no change needed on our side. For more information about the oracle, see the Chainalysis Oracle documentation.
Audit
The changes were reviewed by hyh, the lead auditor from our previous Sherlock audits. While the review highlighted potential risks related to oracle manipulation affecting auction execution, these risks were deemed acceptable given that the specific oracle we selected (Chainalysis) is non-upgradeable and has a secure implementation.
The full audit review can be found here.
Changes in Detail
- Added sanctions check to the `createBid` function
- Bids from addresses flagged by the oracle as sanctioned will revert
- Check is performed using Chainalysis' non-upgradeable oracle contract
- No changes to auction settlement or other auction mechanics
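The shape of the check described in this list, as an added sketch that is not the NounsAuctionHouseV3 source. `isSanctioned(address)` is the oracle's documented read function; the contract names, the mock oracle, the zero-address "check disabled" behaviour and the pull-payment bookkeeping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Read function exposed by the Chainalysis sanctions oracle.
interface ISanctionsList {
    function isSanctioned(address addr) external view returns (bool);
}

// Constructed stand-in for the oracle so the sketch can be exercised on a local chain.
contract MockSanctionsList is ISanctionsList {
    mapping(address => bool) public flagged;
    function setFlag(address a, bool v) external { flagged[a] = v; }
    function isSanctioned(address addr) external view returns (bool) { return flagged[addr]; }
}

// Hypothetical, stripped-down auction; only the bid gate mirrors the proposal.
contract SanctionedBidSketch {
    address public owner; // stands in for the DAO executor
    ISanctionsList public sanctionsOracle;
    address public highBidder;
    uint256 public highBid;
    mapping(address => uint256) public pendingReturns;

    error SanctionedBidder(address bidder);

    constructor(ISanctionsList oracle) { owner = msg.sender; sanctionsOracle = oracle; }

    function setSanctionsOracle(ISanctionsList oracle) external {
        require(msg.sender == owner, "not owner");
        sanctionsOracle = oracle;
    }

    function createBid() external payable {
        ISanctionsList oracle = sanctionsOracle; // assumption: zero address disables the check
        if (address(oracle) != address(0) && oracle.isSanctioned(msg.sender)) revert SanctionedBidder(msg.sender);
        require(msg.value > highBid, "bid too low");
        if (highBidder != address(0)) pendingReturns[highBidder] += highBid;
        highBidder = msg.sender;
        highBid = msg.value;
    }

    function withdraw() external {
        uint256 amt = pendingReturns[msg.sender];
        pendingReturns[msg.sender] = 0; // zero before the external call
        (bool ok, ) = msg.sender.call{value: amt}("");
        require(ok, "withdraw failed");
    }
}
```

Because the oracle call sits on the bid path, a call that reverts (for example, an address with no contract code behind it) blocks every bid, so the configured address is worth verifying after the upgrade executes.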
Configuration Parameters
- Sanctions Oracle Address: 0x40C57923924B5c5c5455c48D93317139ADDaC8fb (modifiable via proposal)
Transactions
- `auctionHouseProxyAdmin.upgrade(auctionHouseProxy, NounsAuctionHouseV3)`
  - Upgrades Auction House implementation to V3
- `auctionHouseProxy.setSanctionsOracle(0x40C57923924B5c5c5455c48D93317139ADDaC8fb)`
  - Sets the Chainalysis Sanctions List oracle address