DOS Vulnerability through Zero-Price Asset Listings in Swan
Summary
The list function in swan contract allows users to create and list assets with specific buyers. However, the function currently lacks sufficient checks on the price parameter, allowing for potential abuse. Malicious users could create assets with a zero price, bypassing fees and filling up a buyer's asset limit for a given round, effectively preventing legitimate listings.
Vulnerability Details
The primary vulnerability arises from the unchecked price parameter, which allows users to create assets with a price of zero. By doing this, the contract logic permits listings without paying any fees to the buyer or the platform. A malicious user could exploit this by creating numerous zero-price assets, filling up the allowed maxAssetCount limit per buyer per round.
Since the listing fee is calculated based on the asset price, contract logic allows users to list asset without paying any fee if price is zero.
This denial-of-service (DoS) attack could effectively prevent legitimate users from listing their assets with the same buyer within that round. A malicious user could use this exploit to fill only their legitimate listings to prevent competition.
Impact
A single malicious user could prevent legitimate users from listing assets for a particular buyer by filling up the asset limit with zero-price listings.
Tools Used
Manual
Recommendations
Set a minimum non-zero value for the price parameter to prevent zero-price asset listings. This will ensure that fees are always paid and discourage spam listings.
Lead Judging Commences
DOS the buyer / Lack of minimal amount of listing price
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.