The `list` function in the Swan contract allows users to create and list assets with specific buyers. However, the function currently lacks sufficient checks on the `price` parameter, allowing for potential abuse. Malicious users could create assets with a zero price, bypassing fees and filling up a buyer's asset limit for a given round, effectively preventing legitimate listings.
The primary vulnerability arises from the unchecked `price` parameter, which allows users to create assets with a price of zero. By doing this, the contract logic permits listings without paying any fees to the buyer or the platform. A malicious user could exploit this by creating numerous zero-price assets, filling up the allowed `maxAssetCount` limit per buyer per round.
Since the listing fee is calculated from the asset price, the contract logic allows users to list an asset without paying any fee if the price is zero.
This denial-of-service (DoS) attack could effectively prevent legitimate users from listing their assets with the same buyer within that round. A malicious user could use it to fill the remaining slots so that only their own legitimate listings reach the buyer, shutting out competition.
A single malicious user could prevent legitimate users from listing assets for a particular buyer by filling up the asset limit with zero-price listings.
Manual
Set a minimum non-zero value for the `price` parameter to prevent zero-price asset listings. This will ensure that fees are always paid and discourage spam listings.
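One way to apply this recommendation, shown as an added example on a simplified model rather than the Swan contract's own code. Only `list`, `price` and `maxAssetCount` come from the finding; `MIN_PRICE`, `FEE_BPS`, `listedCount`, the `round` argument and the basis-point fee formula are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model of a per-buyer, per-round listing limit.
/// Not the Swan contract: storage layout, fee formula and values are assumed.
contract ListingModel {
    uint256 public constant FEE_BPS = 100;      // assumed 1% listing fee
    uint256 public constant MIN_PRICE = 1e15;   // assumed floor; tune to token decimals
    uint256 public immutable maxAssetCount;

    // buyer => round => number of assets already listed
    mapping(address => mapping(uint256 => uint256)) public listedCount;

    error PriceTooLow(uint256 price, uint256 minimum);
    error ZeroFee(uint256 price);
    error AssetLimitReached(address buyer, uint256 round);

    event Listed(address indexed seller, address indexed buyer,
                 uint256 round, uint256 price, uint256 fee);

    constructor(uint256 _maxAssetCount) {
        maxAssetCount = _maxAssetCount;
    }

    /// Returns the fee owed; the model does not move tokens.
    function list(address buyer, uint256 round, uint256 price)
        external
        returns (uint256 fee)
    {
        // Reject the price before a listing slot is consumed.
        if (price < MIN_PRICE) revert PriceTooLow(price, MIN_PRICE);

        // Integer division rounds down: with a 1% fee any price below 100
        // units still yields fee == 0, so "price > 0" alone is not enough.
        fee = (price * FEE_BPS) / 10_000;
        if (fee == 0) revert ZeroFee(price);

        if (listedCount[buyer][round] >= maxAssetCount) {
            revert AssetLimitReached(buyer, round);
        }
        listedCount[buyer][round] += 1;

        emit Listed(msg.sender, buyer, round, price, fee);
    }
}
```

The floor only makes slot exhaustion cost a fee per listing; the right value for `MIN_PRICE` depends on the payment token's decimals and the fee rate actually used.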