Dria

Summary

The register function in the LLMOracleRegistry contract and purchase function in the Swan contract only checks the token allowance of the user before attempting to transfer the required stake. It does not verify if the user has a sufficient token balance, which can lead to unnecessary transaction reverts and wasted gas. Adding a balance check ensures a smoother user experience and robust contract functionality.

Vulnerability Details

The current implementation of the register function verifies that the user has allowed the contract to transfer the required stake amount. However, it does not check if the user’s token balance meets the stake requirement. If the balance is insufficient, the transferFrom function will revert, causing the transaction to fail and resulting in wasted gas. This check is necessary for a reliable and predictable registration process.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleRegistry.sol#L106

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/Swan.sol#L298

like

https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L165-L168

Add checking balance.

Impact

• Gas Wastage: Users with sufficient allowance but insufficient balance will experience a transaction revert at the point of transfer, leading to unnecessary gas costs.

• Poor User Experience: Without a balance check, users may face unexpected reverts and lack clarity on the reason for transaction failure, causing confusion and potentially affecting user trust.

Tools Used

Recommendations

Update the register function to include a balance check before attempting the token transfer. Here’s the modified code:

This ensures that the contract checks both balance and allowance, improving the user experience by providing clear, early feedback on registration requirements.