Use of `revert` Instead of Skipping in `purchase()` Function
Summary
The UserAgent::purchase() function reverts when the total payment exceeds the round's buy limit. This results in an all-or-nothing outcome, preventing any NFTs from being traded in the cycle, even though the buy limit could cover a partial purchase.
Vulnerability Details
If spendings[round] exceeds amountPerRound, the function reverts, halting all trades within the cycle, even if the buy limit would allow for the purchase of a portion of the NFTs:
Impact
This logic restricts trading within the round and reduces the platform's usability by blocking the purchase of NFTs that fall within the buy limit. As a result, potential sales are lost, and users are prevented from maximizing their trading activity for the available funds within each cycle.
Tools Used
vscode
Recommendations
Instead of reverting, the function should skip unpurchased NFTs when the buy limit is reached, allowing users to purchase only as many NFTs as can be covered by amountPerRound.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.