Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Incorrect Parameters in `BuyLimitExceeded`

gajiknownnothing

Summary

The BuyLimitExceeded error event has its parameters have and want reversed in the revert statement.

Vulnerability Details

The BuyLimitExceeded error is intended to trigger when the total funds to be spent (spendings[round]) exceed the available funds for the round (amountPerRound). However, the revert statement erroneously passes spendings[round] as the have parameter and amountPerRound as the want parameter, which is opposite to the intended meaning.

35: /// @notice Asset count limit exceeded for this round
36: error BuyLimitExceeded(uint256 have, uint256 want);

The input for have is spendings[round], which actually is the total funds want to be spent.

The input for want is amountPerRound, which actually is the total funds the buyer agent have in the cycle.

243: if (spendings[round] > amountPerRound) {
244: revert BuyLimitExceeded(spendings[round], amountPerRound);
245: }

Impact

This issue can mislead users or developers who rely on error messages.

Tools Used

vscode

Recommendations

if (spendings[round] > amountPerRound) {
- revert BuyLimitExceeded(spendings[round], amountPerRound);
+ revert BuyLimitExceeded(amountPerRound, spendings[round]);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.