What is a Vickrey auction?

Vickrey auctions, named after Nobel-laureate economist William Vickrey, are sealed-bid, second-price auctions. Bidders place one secret bid, which means no bidders know what anyone else bid, and the winner of the auction, a.k.a the highest bidder, only pays the second-highest bid price, not the winning bid price.

The sealed-bid mechanism prevents any bidders from gaining an advantage by knowing what others have bid. The second-price mechanism incentivizes each bidder to bid their true value for the good being auctioned. To see why, consider the scenario where you and one other party are bidding on some good, let’s say an apple (I recently discovered honeycrisps). You value the apple at $1, and your valuation of the apple is independent of the other bidder’s valuation, which is unknown to you, thanks to sealed-bid.

As a bidder, you can either bid above, at, or below $1. Bidding above $1 doesn’t make sense because you may be forced to pay more than $1 for the apple. Bidding below $1 is suboptimal, since you may allow your competitor to win the auction for less than you value the apple. Alternatively, if you manage to win the auction bidding below $1, you could have bid $1 and paid the same price for it — whatever your competitor bid. Thus, the optimal strategy is to simply bid your maximum value, $1.

Vickrey auctions are used in practice because they incentivize participants to bid their maximum value in a single round, as opposed to highest-price auctions. For instance, Google Adwords uses a version of Vickrey auctions for efficient, realtime ad space bidding. However, as with other sealed-bid auctions, Vickrey auctions are susceptible to foul play by auction coordinators — the auction coordinator can secretly read sealed bids and submit a fake sealed bid that is slightly less than the max bid, so as to maximize auction profits, which are typically a commission based on final sale price. Detection of a falsified second-highest bid price can only be achieved if all bidders reveal their bids to each other after the auction, which defeats the whole purpose of sealed-bid auctions.

Vickrey auctions in Ethereum

This is where Ethereum comes in! By placing the auction in a smart contract on the publicly visible blockchain, anyone can audit the auction and verify correct behavior. To that end, I implemented a simple 2-party Vickrey auction in Serpent. The auction proceeds in 3 steps:

Bid commitment. Each party sends a hash commitment to a bid, along with a set maximum bid amount of ether. Parties must pre-pay so that no one withholds payment after other bidders begin to reveal their bid. They must also pre-pay a set maximum bid so that the payments don’t reveal anything about the bid. A possible beneficial side-effect of pre-paying is that users are incentivized to have the auction progress in a timely manner so that they can get their money back. Commitment verification. After a 10 block bidding period has elapsed and two parties have placed bid commitments, the bidders may now prove their bids match their previously reported commitments. If their are not exactly two bidders, the auction ends and money is returned, if necessary. Winner selection. After a 10 block bid confirmation period, any party may finish the auction, which will check the bids and handle repayment of the bidders. If any bidder has not confirmed their bid, the auction ends and only confirmed bidders get their money back. Otherwise, the winner of the auction receives their prepayment less the winning price a.k.a. second-highest bid price, and the loser gets their entire prepayment back. The auctioned good is transferred offline to the winner.

Smart contract features/limitations

As with any Ethereum smart contract, security from malicious actors is necessary. My implementation protects against the following types of attacks:

Incompletion and protocol delay. Because any participating bidder must first make a sizable upfront prepayment, any sort of delaying tactic will put them at a disadvantage due to the time value of money (ignoring fluctuations to price of ether). Additionally, the protocol can be progressed by either party and if any bidder has not completed the prior step, they will forfeit their upfront payment. Honest actors cannot be trapped in a contract; they will eventually either win the auction or get their full money back. It would be interesting to implement a dual adversary-punishing and compliance- rewarding scheme, which may incentivize more honest actors to partake in the contract but would also open up new attack vectors. Equivocation. Short of finding efficient collisions in SHA3, an adversary is unable to make a commitment to a bid and then change their bid, potentially in response to seeing the other bidder’s bid. Out of order attacks. The contract has three stages — bidding, bid confirmation, and auction resolution. Performing any of these three out of order will fail the contract and potentially cause both parties to lose their prepayment.

The primary drawback to this contract is that the maximum bid prepayment, since bidders with less ether than the maximum bid payment cannot participate in the auction at all. On the other hand, without a maximum prepayment, being able to see all auction participants and their associated ether balances would allow bidders to do a before-and-after analysis when another bidder makes a transaction with the auction contract and violate the sealed-bid mechanism of Vickrey auctions.

Ultimately, I hope to expand this contract to an n-party context, further improve the security of Vickrey auction smart contracts, and make them more widely used in practice!