Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Duplicate NFT

ChainDefenders

Summary

More than one SwanAsset with the same combination of name, symbol, description can exist in the system.

Vulnerability Details

In Swan::list when creating the asset here:

address asset = address(swanAssetFactory.deploy(_name, _symbol, _desc, msg.sender));
listings[asset] = AssetListing({
createdAt: block.timestamp,
royaltyFee: buyer.royaltyFee(),
price: _price,
seller: msg.sender,
status: AssetStatus.Listed,
buyer: _buyer,
round: round
});

It is never checked whether another asset with the same name, symbol and description exist. This can lead to two or more assets being identical (but with different prices for example). This can disincentivise users to use the platform to purchase assets as they hold no real value if everyone can list the exactly same asset with a different price.

Impact

Incentive loss for users to use the protocol to purchase assets.

Tools Used

Manual Review

Recommendations

Add a check whether the given combination of name, symbol and description already exists for another asset - if so revert the listing transaction.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Duplicate assets in `Swan::list` function

Appeal created

ljj Auditor
12 months ago
inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Duplicate assets in `Swan::list` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.