Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Insufficient Balance

Summary

In BuyerAgent::purchase, the balance of the BuyerAgent is never checked. This could lead to 'random' reverts due to insufficient balance to fulfil the given purchase request.

Vulnerability Details

In BuyerAgent::purchase, the balance of the BuyerAgent is never checked:

    function purchase() external onlyAuthorized {
        // check that we are in the Buy phase, and return round
        (uint256 round,) = _checkRoundPhase(Phase.Buy);

        // check if the task is already processed
        uint256 taskId = oraclePurchaseRequests[round];
        if (isOracleRequestProcessed[taskId]) {
            revert TaskAlreadyProcessed();
        }

        // read oracle result using the latest task id for this round
        bytes memory output = oracleResult(taskId);
        address[] memory assets = abi.decode(output, (address[]));

        // we purchase each asset returned
        for (uint256 i = 0; i < assets.length; i++) {
            address asset = assets[i];

            // must not exceed the roundly buy-limit
            uint256 price = swan.getListingPrice(asset);
            spendings[round] += price;
            if (spendings[round] > amountPerRound) {
                revert BuyLimitExceeded(spendings[round], amountPerRound);
            }

            // add to inventory
            inventory[round].push(asset);

            // make the actual purchase
            swan.purchase(asset);
        }

        // update taskId as completed
        isOracleRequestProcessed[taskId] = true;
    }

This could lead to 'random' reverts due to insufficient balance to fulfil the given purchase request.

Tools Used

Manual Review

Recommendations

Check the balance by calling BuyerAgent::treasury to see whether the buyer can actually purchase the given asset. If its balance is not sufficient, revert the transaction with the appropriate error.
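
One way to implement the check recommended above, as an added example that is not the project's code: price the whole batch first, compare it against both the round limit and treasury(), and only then change state. ISwanLike, BuyerAgentBalanceCheck, _purchaseAll and InsufficientTreasury are hypothetical names, and treasury() is assumed to return the agent's spendable token balance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Only getListingPrice and purchase
// appear in the quoted function; the interface name is hypothetical.
interface ISwanLike {
    function getListingPrice(address asset) external view returns (uint256);
    function purchase(address asset) external;
}

abstract contract BuyerAgentBalanceCheck {
    // Hypothetical error carrying the numbers an operator needs to top up.
    error InsufficientTreasury(uint256 required, uint256 available);
    error BuyLimitExceeded(uint256 have, uint256 want);

    ISwanLike public swan;
    uint256 public amountPerRound;
    mapping(uint256 => uint256) public spendings;
    mapping(uint256 => address[]) public inventory;

    // Assumption: returns the agent's spendable token balance.
    function treasury() public view virtual returns (uint256);

    // Buys every asset for `round`, or reverts before touching storage.
    function _purchaseAll(uint256 round, address[] memory assets) internal {
        // Pass 1: price the whole batch without modifying state.
        uint256 total;
        for (uint256 i = 0; i < assets.length; i++) {
            total += swan.getListingPrice(assets[i]);
        }

        uint256 spent = spendings[round] + total;
        if (spent > amountPerRound) {
            revert BuyLimitExceeded(spent, amountPerRound);
        }

        uint256 available = treasury();
        if (total > available) {
            revert InsufficientTreasury(total, available);
        }

        // Pass 2: record and execute; both limits are known to hold.
        spendings[round] = spent;
        for (uint256 i = 0; i < assets.length; i++) {
            inventory[round].push(assets[i]);
            swan.purchase(assets[i]);
        }
    }
}
```

A pre-check like this only makes the failure explicit and early; it does not change which batches the agent can afford.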

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
