Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

`getRoundPhase` Could DoS The System

Summary

In the current implementation of `BuyerAgent::getRoundPhase`, the logic computes the round for the buyer. This function is used by multiple functions in the BuyerAgent, and also in Swan. The problem is that instead of computing the rounds for previous market parameters just once, the logic recomputes them on every invocation of the function. This can lead to excessive computation, especially when there are numerous market parameters.

Vulnerability Details

Let's have the following scenario:

  1. We have a buyer, and from the creation of this buyer until now the market parameters have been changed 10 times.

  2. This means that every time a request comes in for this buyer, getRoundPhase calculates the rounds by iterating through all of these market parameters.

  3. For example, during BuyerAgent::purchase, getRoundPhase is invoked for every asset in SwanPurchase. This means the same computation is made for every asset. If the asset list has a lot of elements, this could lead to DoS.

Impact

getRoundPhase could consume a lot of gas if there are multiple market parameters. On top of that, this is computed on every invocation of the function, leading to high gas fees, and if the list of market parameters grows rapidly it will DoS the system.

Tools Used

Manual Review

Recommendations

To optimize this, consider caching the computed rounds and phases for the buyer instead of recalculating them with each call. This would allow getRoundPhase to quickly return previously computed results rather than recalculating for every function invocation.
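A sketch of the caching idea recommended above, added here as an illustration; it is not the Swan or BuyerAgent code. The contract name, the `Params` fields (`timestamp`, `cycleTime`) and every function name are assumptions, and the model tracks only the round number, not the phase.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model, not the Swan or BuyerAgent source.
// Assumption: a parameter set is just an activation timestamp and a round length.
contract RoundCheckpointExample {
    struct Params { uint256 timestamp; uint256 cycleTime; }

    address public immutable owner;
    Params[] public history;      // append-only, oldest first
    uint256 public cachedRounds;  // rounds completed under history[0 .. cachedIdx-1]
    uint256 public cachedIdx;     // first entry not yet folded into cachedRounds

    constructor(uint256 cycleTime) {
        require(cycleTime > 0, "cycleTime is zero");
        owner = msg.sender;
        history.push(Params(block.timestamp, cycleTime));
    }

    function setParams(uint256 cycleTime) external {
        require(msg.sender == owner, "not owner");
        require(cycleTime > 0, "cycleTime is zero");
        history.push(Params(block.timestamp, cycleTime));
    }

    // Uncached: walks the whole history on every call, O(history.length).
    function roundNaive() external view returns (uint256) { return _closed(0, 0) + _open(); }

    // Cached: walks only the entries appended since the last checkpoint.
    function roundCached() external view returns (uint256) { return _closed(cachedIdx, cachedRounds) + _open(); }

    // Folds every fully elapsed parameter set into storage, once.
    // Safe to leave permissionless: the result depends only on stored history.
    function checkpoint() external {
        cachedRounds = _closed(cachedIdx, cachedRounds);
        cachedIdx = history.length - 1;
    }

    // Rounds completed under parameter sets that have already been superseded.
    function _closed(uint256 idx, uint256 acc) internal view returns (uint256) {
        for (uint256 i = idx; i + 1 < history.length; i++) {
            acc += (history[i + 1].timestamp - history[i].timestamp) / history[i].cycleTime;
        }
        return acc;
    }

    // Rounds completed so far under the parameter set currently in force.
    function _open() internal view returns (uint256) {
        uint256 last = history.length - 1;
        return (block.timestamp - history[last].timestamp) / history[last].cycleTime;
    }
}
```

`roundCached` returns the same value as `roundNaive` whether or not `checkpoint` has been called; calling `checkpoint` from a state-changing path only shortens the loop for later reads.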

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
