Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Use of `revert` Instead of Skipping in `purchase()` Function

Summary

The `UserAgent::purchase()` function reverts when the total payment exceeds the round's buy limit. This results in an all-or-nothing outcome, preventing any NFTs from being traded in the cycle, even though the buy limit could cover a partial purchase.

Vulnerability Details

If `spendings[round]` exceeds `amountPerRound`, the function reverts, halting all trades within the cycle, even if the buy limit would allow for the purchase of a portion of the NFTs:

```solidity
spendings[round] += price;
if (spendings[round] > amountPerRound) {
    revert BuyLimitExceeded(spendings[round], amountPerRound);
}
```

Impact

This logic restricts trading within the round and reduces the platform's usability by blocking the purchase of NFTs that fall within the buy limit. As a result, potential sales are lost, and users are prevented from maximizing their trading activity for the available funds within each cycle.

Tools Used

vscode

Recommendations

Instead of reverting, the function should skip unpurchased NFTs when the buy limit is reached, allowing users to purchase only as many NFTs as can be covered by `amountPerRound`.
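
The two behaviours side by side, as an added sketch that is not the Swan contract's code: it assumes `purchase()` iterates over a list of asset prices, and every name other than `spendings`, `amountPerRound` and `BuyLimitExceeded` is hypothetical. Note that the skipping variant has to test the limit before updating `spendings[round]`, otherwise a skipped item would still consume budget.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model for illustration only; not the audited contract.
contract BuyLimitModel {
    error BuyLimitExceeded(uint256 have, uint256 want);

    uint256 public immutable amountPerRound;
    mapping(uint256 => uint256) public spendings; // round => amount spent

    event Purchased(uint256 indexed round, uint256 index, uint256 price);
    event Skipped(uint256 indexed round, uint256 index, uint256 price);

    constructor(uint256 _amountPerRound) {
        amountPerRound = _amountPerRound;
    }

    /// Behaviour described in the report: the first item that pushes the
    /// total over the limit reverts the call and undoes earlier purchases.
    function purchaseAllOrNothing(uint256 round, uint256[] calldata prices) external {
        for (uint256 i = 0; i < prices.length; i++) {
            spendings[round] += prices[i];
            if (spendings[round] > amountPerRound) {
                revert BuyLimitExceeded(spendings[round], amountPerRound);
            }
            emit Purchased(round, i, prices[i]);
        }
    }

    /// Recommended behaviour: check first, account second, skip what does not fit.
    function purchaseSkipping(uint256 round, uint256[] calldata prices)
        external
        returns (uint256 bought)
    {
        uint256 spent = spendings[round]; // invariant: spent <= amountPerRound
        for (uint256 i = 0; i < prices.length; i++) {
            uint256 price = prices[i];
            if (price > amountPerRound - spent) {
                emit Skipped(round, i, price); // budget is left untouched
                continue;
            }
            spent += price;
            bought++;
            emit Purchased(round, i, price);
        }
        spendings[round] = spent;
    }
}
```

With a limit of 100 and prices `[40, 70, 50]`, the first function reverts on the second item and buys nothing, while the second buys items 0 and 2 and records 90 as spent.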

Updates

Lead Judging Commences

inallhonesty Lead Judge
7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
