Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Persistent spending tracking issue in buyerAgent and Swan contracts

davidjohn241018

Summary

In the BuyerAgent.sol and Swan.sol contracts, a vulnerability arises due to the way spendings[round] is handled in BuyerAgent.sol. This variable tracks spending within each round, increasing with each purchase. However, spendings[round] does not reset when assets are relisted in Swan.sol, which leads to inaccurate spending tracking across rounds. Specifically, the issue lies around line 242 in BuyerAgent.sol, where spendings[round] += price; accumulates spending data without resetting across new rounds.

Vulnerability Details

Line 242, BuyerAgent.sol: spendings[round] += price;

The function where this line is located is responsible for incrementing the spendings value for the current round by the asset’s price during each purchase.
Since spendings[round] is not cleared between rounds, when assets are relisted in Swan.sol (line 225), the total spendings accumulates and may exceed the intended per-round limit without resetting.

Relist Function, Swan.sol, Starting Line 225:
- This function allows assets to be relisted by their seller after the current round ends. However, spendings[round] in BuyerAgent.sol does not reset upon relisting, meaning old data persists into subsequent rounds.

Impact

Inaccurate Spending Calculations: By failing to reset spendings[round], the contract may inaccurately calculate spending for each round, impacting purchase limits.

Excessive Spend Detection: Since spendings[round] carries over residual values, it may cause the contract to hit the amountPerRound limit prematurely, which triggers a BuyLimitExceeded revert. This can prevent legitimate purchases within the intended round limit.
User Frustration and Reduced Confidence: Users may encounter unexpected reverts due to spend limit errors, impacting user experience and trust in the platform.

Tools Used

Tests

Recommendations

Reset Spending per Round: Modify the relisting function in Swan.sol (around line 225) or in BuyerAgent.sol to reset or initialize spendings[round] whenever a new round begins. This can prevent residual values from affecting future rounds.

function resetSpendingForNewRound() external onlyAdmin

{

spendings[round] = 0; // Reset the spending for the current round

round += 1; // Increment to the next round

}

Track Round Changes Explicitly: Introduce a function in BuyerAgent.sol to clear or reset spending specifically when rounds transition. This would separate round-based transactions clearly, enhancing contract reliability.
Testing with Edge Cases: Conduct extensive testing for relisting scenarios, ensuring that spend limits work as expected across multiple rounds. An external audit could also be beneficial to verify round-based handling.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.