Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Insufficient initial funding for BuyerAgent

Summary

When a new BuyerAgent is created via Swan.createBuyer, it does not receive any initial funding. This lack of funds can cause issues when BuyerAgent calls oracleStateRequest() and oraclePurchaseRequest(), as they require feeToken to cover oracle fees. Similarly, BuyerAgent requires funds for purchasing assets.

Vulnerability Details

When BuyerAgent is created, it lacks any initial funding mechanism and allowance to support its operations. Since BuyerAgent is intended to call oracle functions and make purchases on the marketplace, it needs a balance of feeToken to cover oracle fees and NFT purchase funds to acquire listed assets.

The following functions are impacted by this lack of funding:

  1. oracleStateRequest: This function in BuyerAgent requires a sufficient balance of feeToken to cover oracle fees.

  2. oraclePurchaseRequest: Similarly, this function requires a balance of feeToken to request oracle data.

  3. Asset Purchases: The BuyerAgent needs funds to make asset purchases in the Swan marketplace, as outlined in the purchase function.

Without a funding mechanism in place, the BuyerAgent will be unable to execute these functions, resulting in errors and operational inefficiencies.

Impact

  • Functional Impact: The inability to execute oracle requests and asset purchases renders BuyerAgent ineffective for its intended use in the system.

  • Operational Impact: Requires manual funding from the owner of BuyerAgent, increasing operational complexity and the potential for human error.

Tools Used

Manual Review

Recommendations

Encourage the owner of BuyerAgent (the caller of createBuyer) to fund BuyerAgent immediately after creation by directly transferring feeToken and NFT purchase funds to the BuyerAgent address.

To streamline funding, add a fundAgent function within BuyerAgent to allow the owner to transfer funds directly for oracle requests and asset purchases.

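function fundAndApprove(uint256 fundAmount, uint256 allowanceAmount) external onlyOwner {
    // Pull feeToken from the owner (msg.sender) into this BuyerAgent
    require(feeToken.transferFrom(msg.sender, address(this), fundAmount), "Funding transfer failed");
    // Allow the oracle coordinator to spend feeToken held by this agent
    feeToken.approve(address(LLMOracleCoordinator), allowanceAmount);
}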
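
A more defensive form of the funding helper recommended above, as an added example that is not code from the submission or from the Swan project. It assumes OpenZeppelin Contracts v5; the contract name FundedAgentSketch, the coordinator address field, and the requireFee and withdraw functions are hypothetical, and only feeToken and fundAndApprove are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Illustrative stand-in for BuyerAgent (hypothetical, not the Swan contract).
contract FundedAgentSketch is Ownable {
    using SafeERC20 for IERC20;

    IERC20 public immutable feeToken;     // token that pays oracle fees (name from the report)
    address public immutable coordinator; // assumed: address of the oracle coordinator

    error ZeroAddress();
    error InsufficientFeeBalance(uint256 available, uint256 required);

    constructor(IERC20 feeToken_, address coordinator_) Ownable(msg.sender) {
        if (address(feeToken_) == address(0) || coordinator_ == address(0)) revert ZeroAddress();
        feeToken = feeToken_;
        coordinator = coordinator_;
    }

    /// Pull `fundAmount` from the owner and set the coordinator's allowance.
    function fundAndApprove(uint256 fundAmount, uint256 allowanceAmount) external onlyOwner {
        // Reverts on failure and also works with tokens that return no bool.
        feeToken.safeTransferFrom(msg.sender, address(this), fundAmount);
        // Checks the result and handles tokens that need the allowance reset to zero first.
        feeToken.forceApprove(coordinator, allowanceAmount);
    }

    /// Preflight check: fail with an explicit reason before a fee-paying oracle request.
    function requireFee(uint256 fee) public view {
        uint256 available = feeToken.balanceOf(address(this));
        if (available < fee) revert InsufficientFeeBalance(available, fee);
    }

    /// Let the owner recover unused funds so they are not stranded in the agent.
    function withdraw(uint256 amount) external onlyOwner {
        feeToken.safeTransfer(owner(), amount);
    }
}
```

The owner must first approve this contract on feeToken for at least fundAmount, otherwise safeTransferFrom reverts.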
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
