Summary

The BuyerAgent is currently required to grant maximum token allowances to both the "swan" contract and the "coordinator." This practice exposes all tokens to the risk of being drained if either entity is compromised and it's in general a very bad practice.

Vulnerability Details

Whenever a user creates a BuyerAgent, the agent automatically allocates maximum allowances for tokens to both the "swan" contract and the "coordinator." While this design may streamline transactions, it poses significant risks. If either the swan or the coordinator becomes controlled by a malicious actor, all token funds within the BuyerAgent could be drained.

Impact

Medium. Although the swan and coordinator are assumed to be trusted entities, any compromise—whether through malicious actions or hacking—could result in the total loss of token funds held within the BuyerAgent.

Tools Used

Manual review.

Recommendations

Implement a mechanism that allows the BuyerAgent owner to adjust the token allowances for the swan and coordinator. This change would provide the agent owner with greater control over their funds, enhancing security and minimizing potential losses.