Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

Reentrancy in `Swan.sol` L294 and L295

## Summary:

A reentrancy vulnerability has been found in the `Swan.sol` contract at L294 and L295, in the `purchase()` function. The function performs state updates after external calls, exposing the contract to reentrancy attacks.
## Vulnerability Details:

```solidity
function purchase(address _asset) external {
    AssetListing storage listing = listings[_asset];

    // asset must be listed to be purchased
    if (listing.status != AssetStatus.Listed) {
        revert InvalidStatus(listing.status, AssetStatus.Listed);
    }

    // only the buyer can purchase the asset
    if (listing.buyer != msg.sender) {
        revert Unauthorized(msg.sender);
    }

    // update asset status to be sold
    listing.status = AssetStatus.Sold;

    // transfer asset from seller to Swan, and then from Swan to buyer
    // this ensures that only approval to Swan is enough for the sellers
@>  SwanAsset(_asset).transferFrom(listing.seller, address(this), 1);
@>  SwanAsset(_asset).transferFrom(address(this), listing.buyer, 1);

    // transfer money
@>  token.transferFrom(listing.buyer, address(this), listing.price);
@>  token.transfer(listing.seller, listing.price);
}
```

The function is also reachable from a loop in `BuyerAgent.sol` (L237).

## Impact:

- Multiple transfers of the same asset.
- Inconsistent contract state.

## Tools Used: manual review

## Recommendations:

1. It is always best practice to follow the Checks-Effects-Interactions (CEI) pattern: finish all state updates before making any external call.
2. OpenZeppelin's `ReentrancyGuard` (`nonReentrant` modifier) is another safe way to protect the contract from reentrancy.
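As an added illustration (not the Swan project's own code), the `purchase()` function with both recommendations applied: strict CEI ordering and OpenZeppelin's `nonReentrant` guard. It assumes OpenZeppelin 5.x import paths and minimal stand-in interfaces for the asset and payment token; the listing fields mirror the ones used in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Swan project's code: purchase() with CEI ordering
// and OpenZeppelin's ReentrancyGuard. Assumed: OpenZeppelin 5.x import paths
// and minimal interfaces for the asset (ISwanAsset) and payment token (IERC20).
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

interface ISwanAsset {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract SwanPurchaseExample is ReentrancyGuard {
    enum AssetStatus { Unlisted, Listed, Sold }

    struct AssetListing {
        address seller;
        address buyer;
        uint256 price;
        AssetStatus status;
    }

    error InvalidStatus(AssetStatus have, AssetStatus want);
    error Unauthorized(address caller);

    IERC20 public immutable token;
    mapping(address => AssetListing) public listings;

    constructor(IERC20 _token) { token = _token; }

    // nonReentrant rejects any nested call into this function while it is executing
    function purchase(address _asset) external nonReentrant {
        AssetListing storage listing = listings[_asset];

        // Checks
        if (listing.status != AssetStatus.Listed) revert InvalidStatus(listing.status, AssetStatus.Listed);
        if (listing.buyer != msg.sender) revert Unauthorized(msg.sender);

        // Effects: cache what the transfers need, then finalise state before any external call
        address seller = listing.seller;
        uint256 price = listing.price;
        listing.status = AssetStatus.Sold;

        // Interactions: a re-entrant call now fails both the Listed check and the guard
        ISwanAsset(_asset).transferFrom(seller, address(this), 1);
        ISwanAsset(_asset).transferFrom(address(this), msg.sender, 1);
        token.transferFrom(msg.sender, address(this), price);
        token.transfer(seller, price);
    }
}
```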
## Updates

- Lead Judging Commences
- inallhonesty (Lead Judge), 12 months ago: Submission Judgement Published. Invalidated. Reason: Lack of quality
- Appeal created
- viquetoh (Submitter), 12 months ago
- inallhonesty (Lead Judge), 12 months ago
- inallhonesty (Lead Judge), 12 months ago: Submission Judgement Published. Invalidated. Reason: Lack of quality
