How could we handle any exploit on "Exponential Price Decay Contract"?

I would like to raise the concern of the auction contract being exploited. For example, any bugs/flaws in the implementation could potentially cause domain names to be sniped at a lower or $0 price.

I appreciate the due diligence which has been done by the devs. I work for a large software corporation. Based on my experience, it is a good practice to have a mitigation plan. Also, the floating number is error-prone.

So, what could be done if the contract is exploited? As a blackbox mitigation, is it feasible to do an emergency deployment to revert the contract back to the linear $100K (or even higher) solution?

Thank you!

Also, thanks for such a quick implementation. Given the importance and the complexity of the contract, would the dev add some unit test cases?

Isn’t the unit test at ens-contracts/TestExponentialPremiumPriceOracle.js at 05fc157414596c1d4253e01e99f4015132604175 (ensdomains/ens-contracts on GitHub)?

Oh, nice. Thanks for pointing this out.

We’ve also run an exhaustive test - evaluating the function for every second between 0 and 28 days. The end results were an average error (between Solidity and JS implementation) of 0.0005%, and a maximum error of 0.001%.
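
The kind of sweep described in the last reply, as an added example that is not part of the thread and not the ENS code: an integer-only decay function is compared against a floating-point reference at every sampled second, and the sweep also checks the two properties raised in the opening post (the premium never rises and never reaches zero early). The start premium, one-day half-life, 16 fractional bits and 18-decimal scaling are assumptions made for the illustration.

```javascript
// Added example. ASSUMPTIONS (not from the thread): start premium, one-day
// half-life, 16 fractional bits, 18-decimal fixed point.
const DAY = 86400n;
const SCALE = 10n ** 18n;
const START = 100_000_000n * SCALE; // hypothetical start premium
const BITS = 16;

// FACTORS[i] = 2^(-1/2^(i+1)) scaled by 1e18: one constant per fractional bit.
const FACTORS = Array.from({ length: BITS }, (_, i) =>
  BigInt(Math.round(Math.pow(2, -1 / 2 ** (i + 1)) * 1e18)));

// Integer-only decay, the way an on-chain implementation has to compute it.
function premiumFixed(elapsed) {
  let p = START >> (elapsed / DAY);                      // whole days: halve
  const frac = ((elapsed % DAY) << BigInt(BITS)) / DAY;  // part of a day, 0..65535
  for (let i = 0; i < BITS; i++) {
    if ((frac >> BigInt(BITS - 1 - i)) & 1n) p = (p * FACTORS[i]) / SCALE;
  }
  return p;
}

// Floating-point reference the integer version is checked against.
function premiumFloat(seconds) {
  return Number(START) * Math.pow(0.5, seconds / 86400);
}

// Sweep 0..days in steps of `stride` seconds (stride = 1 is the exhaustive run).
function sweep(days = 28, stride = 1) {
  let sum = 0, maxErr = 0, n = 0, prev = null, monotonic = true;
  for (let t = 0; t <= days * 86400; t += stride) {
    const fixed = premiumFixed(BigInt(t));
    if (fixed <= 0n) throw new Error(`premium hit zero at t=${t}`);
    if (prev !== null && fixed > prev) monotonic = false; // price must never rise
    prev = fixed;
    const ref = premiumFloat(t);
    const err = Math.abs(Number(fixed) - ref) / ref;      // relative error
    sum += err; n++;
    if (err > maxErr) maxErr = err;
  }
  return { avgErr: sum / n, maxErr, monotonic, samples: n };
}

console.log(sweep(28, 60)); // one sample per minute; use stride 1 for every second
```

Under these assumptions the error comes almost entirely from truncating the fraction of a day to 16 bits, which bounds the relative error by 2^(1/65536) - 1, about 0.001%.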