Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`platformFee` cap at `100%` denies Agents their share of listing fee

tigerfrake

Summary

The platformFee parameter in setMarketParameters() allows the owner to set the fee to 100%, enabling the owner to take the entire buyerFee in transferRoyalties() and leaving nothing for the Agent. Since Agents are intended to receive a percentage of the fee, allowing platformFee to reach 100% effectively denies them this incentive, violating the intended benefit structure for Agents.

Vulnerability Details

When a seller lists their asset for sale via a given Agent, they have to pay % of the listing price as buyerFee which gets split in two ways in transferRoyalties():

function transferRoyalties(AssetListing storage asset) internal {

// calculate fees

uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;

>> uint256 driaFee = (buyerFee * getCurrentMarketParameters().platformFee) / 100; // Possible (driaFee = buyerFee)

// first, Swan receives the entire fee from seller

// this allows only one approval from the seller's side

token.transferFrom(asset.seller, address(this), buyerFee);

// send the buyer's portion to them

>> token.transfer(asset.buyer, buyerFee - driaFee); // Agent gets nothing

// then it sends the remaining to Swan owner

>> token.transfer(owner(), driaFee); // Owner takes all

}

Every Agent has a set royaltyFee which determines the % pay. It is therefore the seller's responsibility to choose an Agent that best suits them.

However, the Agents do not get to choose what percentage the owner will set as platformFee in the market parameters.

function setMarketParameters(SwanMarketParameters memory _marketParameters) external onlyOwner {

>> require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%"); // Issue here

_marketParameters.timestamp = block.timestamp;

marketParameters.push(_marketParameters);

}

Also during initialization:

function initialize(

>> SwanMarketParameters calldata _marketParameters,

---SNIP---

) public initializer {

__Ownable_init(msg.sender);

>> require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%"); // Issue here

---SNIP---

}

Notice that these functions allow for the platformFee to be set to exactly 100% or less. When set to 100%, driaFee will equal the whole buyerFee which means that Swan owner will take the whole sum leaving nothing for the Agent.

Impact

According to Contest Details:

Each agent has a fee rate where the asset creators pay a % of the listing price as a fee to the agent.

Agents are entitled to a cut and setting platformFee to 100% denies them this incentive.

Tools Used

Manual Review

Recommendations

Ensure the platformFee falls below 100%.

- require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%");

+ require(_marketParameters.platformFee < 100, "Excess fee");

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.