Dria

Swan
Submission Details
Severity: medium
Valid

Due to the `maxAssetCount` restriction on buyers, a malicious seller can grief any buyer for a round

Vulnerability Details

All buyers are restricted by the `maxAssetCount` market parameter, which limits the number of assets that can be listed for a buyer in a round.
A malicious seller can list `maxAssetCount` assets with irrelevant information for a buyer, so that no genuine seller can list assets for that buyer and the buyer's round is wasted.
The seller can set the asset price as low as 1 wei, so the royalty paid on these listings is negligible.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/Swan.sol#L168-L170

File: swan/Swan.sol

    if (getCurrentMarketParameters().maxAssetCount == assetsPerBuyerRound[_buyer][round].length) {
        revert AssetLimitExceeded(getCurrentMarketParameters().maxAssetCount);
    }

Impact

Genuine sellers are unable to list their assets for the buyer, and the buyer wastes their round.

Tools Used

Manual Review

Recommendations

There can be a few ways to mitigate this issue:

  1. Instead of restricting the number of assets that can be listed for a buyer, restrict the number of assets that a single seller can list for a buyer.

  2. Create a mechanism for buyers to remove listings made for them.
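As an added illustration (not the project's Solidity and not code from the original report), the following Python model mirrors the per-buyer `maxAssetCount` check quoted in the Vulnerability Details and contrasts it with the two mitigations above: a cap counted per seller rather than per buyer, and a buyer-only removal hook. The `per_seller_cap` parameter, the `remove_listing` method and the 5% royalty rate are assumptions made for this model; the round accounting keyed by `(buyer, round)` stands in for `assetsPerBuyerRound[_buyer][round]`.

```python
"""Model of a shared per-buyer listing cap versus two mitigations.

Added illustration, not the project's code. `per_seller_cap`,
`remove_listing` and ROYALTY_BPS are assumptions for this model.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional, Tuple

ROYALTY_BPS = 500  # assumed 5% royalty on the listing price, EVM-style integer math


class AssetLimitExceeded(Exception):
    """Mirrors the contract's revert when the cap is reached."""


@dataclass
class Listing:
    seller: str
    buyer: str
    price_wei: int


@dataclass
class Market:
    max_asset_count: int                  # per-buyer cap per round (the on-page parameter)
    per_seller_cap: Optional[int] = None  # mitigation 1 (assumed): cap counted per seller
    royalties_paid: int = 0
    # (buyer, round) -> listings, standing in for assetsPerBuyerRound[_buyer][round]
    listings: dict = field(default_factory=lambda: defaultdict(list))

    def list_asset(self, seller: str, buyer: str, round_: int, price_wei: int) -> None:
        bucket = self.listings[(buyer, round_)]
        if self.per_seller_cap is None:
            # Vulnerable policy: every seller's listings count against one shared cap.
            if len(bucket) == self.max_asset_count:
                raise AssetLimitExceeded(self.max_asset_count)
        else:
            # Mitigation 1: only this seller's own listings for the buyer are counted.
            mine = sum(1 for item in bucket if item.seller == seller)
            if mine == self.per_seller_cap:
                raise AssetLimitExceeded(self.per_seller_cap)
        # Royalty is proportional to price, so a 1-wei listing rounds down to 0.
        self.royalties_paid += price_wei * ROYALTY_BPS // 10_000
        bucket.append(Listing(seller, buyer, price_wei))

    def remove_listing(self, caller: str, buyer: str, round_: int, index: int) -> None:
        # Mitigation 2: only the buyer may prune listings made for them.
        if caller != buyer:
            raise PermissionError("only the buyer can remove its listings")
        self.listings[(buyer, round_)].pop(index)

    def count(self, buyer: str, round_: int) -> int:
        return len(self.listings[(buyer, round_)])


def fill_cap_with_junk(market: Market, seller: str, buyer: str, round_: int) -> None:
    """One seller files max_asset_count 1-wei listings for the buyer (the reported scenario)."""
    for _ in range(market.max_asset_count):
        market.list_asset(seller, buyer, round_, price_wei=1)


def genuine_seller_blocked(market: Market, buyer: str, round_: int) -> bool:
    """True if an honest seller's real listing reverts on the cap."""
    try:
        market.list_asset("honest", buyer, round_, price_wei=10**18)
    except AssetLimitExceeded:
        return True
    return False


def demo_vulnerable() -> Tuple[bool, int]:
    """Shared cap: the honest seller is blocked and the junk listings cost no royalty."""
    m = Market(max_asset_count=5)
    fill_cap_with_junk(m, "griefer", "buyer", round_=1)
    return genuine_seller_blocked(m, "buyer", 1), m.royalties_paid


def demo_per_seller_cap() -> bool:
    """Mitigation 1: the junk exhausts only its own seller's quota."""
    m = Market(max_asset_count=5, per_seller_cap=5)
    fill_cap_with_junk(m, "griefer", "buyer", round_=1)
    return not genuine_seller_blocked(m, "buyer", 1)


def demo_buyer_removal() -> bool:
    """Mitigation 2: the buyer frees a slot; an unrelated caller cannot."""
    m = Market(max_asset_count=5)
    fill_cap_with_junk(m, "griefer", "buyer", round_=1)
    try:
        m.remove_listing("stranger", "buyer", 1, 0)
        return False
    except PermissionError:
        pass
    m.remove_listing("buyer", "buyer", 1, 0)
    return not genuine_seller_blocked(m, "buyer", 1)


if __name__ == "__main__":
    print(demo_vulnerable(), demo_per_seller_cap(), demo_buyer_removal())
```

Note that with the per-seller cap the total number of listings for a buyer is no longer bounded by `maxAssetCount` alone; a real implementation would combine the per-seller quota with whatever overall bound the protocol still needs.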

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DOS the buyer / Lack of minimal amount of listing price
