Dria / Swan (NFT, Hardhat) - 21,000 USDC

Submission Details
Severity: medium
Status: Invalid

Multiple external calls per Iteration in `BuyerAgent.sol`

Summary:

The purchase loop in `BuyerAgent.sol` makes an excessive number of external calls: 6 calls per loop iteration.

Vulnerability Details:

    for (uint256 i = 0; i < assets.length; i++) {
        address asset = assets[i];
        // must not exceed the roundly buy-limit
        uint256 price = swan.getListingPrice(asset);
        spendings[round] += price;
        if (spendings[round] > amountPerRound) {
            revert BuyLimitExceeded(spendings[round], amountPerRound);
        }
        // add to inventory
        inventory[round].push(asset);
        // make the actual purchase
        swan.purchase(asset);
    }

Each iteration makes at least 2 direct external calls:

  1. swan.getListingPrice(asset)

  2. swan.purchase(asset)
    The purchase call itself makes 4 more external calls (2 NFT transfers and 2 token transfers),
    for a total of 6 external calls per iteration.

Impact:

  1. This could lead to a potential Reentrancy attack.

  2. It may cause state inconsistency.

  3. Due to the unbounded loop size and the multiple external calls per iteration, the function call can easily exceed the block gas limit, especially with a large array.

Tools Used:

Manual Review

Recommendations:

  1. Add an array size limit:

    uint256 private constant MAX_PURCHASE_BATCH = 100; // as the case may be
    require(assets.length <= MAX_PURCHASE_BATCH, "Batch too large");

  2. Implement batching, so a large array is processed over several transactions (the loop body stays the same as the original per-asset logic):

    function purchaseBatch(uint256 startIdx, uint256 endIdx) external {
        require(endIdx <= assets.length && endIdx - startIdx <= MAX_PURCHASE_BATCH, "Batch too large");
        for (uint256 i = startIdx; i < endIdx; i++) {
            uint256 price = swan.getListingPrice(assets[i]);
            spendings[round] += price;
            if (spendings[round] > amountPerRound) revert BuyLimitExceeded(spendings[round], amountPerRound);
            inventory[round].push(assets[i]);
            swan.purchase(assets[i]);
        }
    }
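The two recommendations combined into one compilable contract, as an added example that is not part of the submission or the Swan code base: the `ISwan` interface, the `BatchTooLarge` error and the `locked` reentrancy flag are assumptions, the storage names mirror the snippet above, and how `assets` is populated is out of scope here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal view of the Swan contract as used by the agent (assumed names).
interface ISwan {
    function getListingPrice(address asset) external view returns (uint256);
    function purchase(address asset) external;
}

contract BuyerAgentBatched {
    error BuyLimitExceeded(uint256 spent, uint256 limit);
    error BatchTooLarge(uint256 size, uint256 max);
    error Reentrancy();

    uint256 private constant MAX_PURCHASE_BATCH = 100; // tune to the deployment's gas budget
    ISwan public immutable swan;
    uint256 public immutable amountPerRound;
    uint256 public round;
    address[] public assets;                        // candidate listings for the current round
    mapping(uint256 => uint256) public spendings;   // round => total spent
    mapping(uint256 => address[]) public inventory; // round => purchased assets
    uint256 private locked = 1;                     // simple reentrancy flag (assumed)

    modifier nonReentrant() {
        if (locked != 1) revert Reentrancy();
        locked = 2;
        _;
        locked = 1;
    }

    constructor(ISwan _swan, uint256 _amountPerRound) {
        swan = _swan;
        amountPerRound = _amountPerRound;
    }

    // Buys assets[startIdx, endIdx); callers page through a large array over several transactions.
    function purchaseBatch(uint256 startIdx, uint256 endIdx) external nonReentrant {
        uint256 size = endIdx > startIdx ? endIdx - startIdx : 0;
        if (endIdx > assets.length || size == 0 || size > MAX_PURCHASE_BATCH) revert BatchTooLarge(size, MAX_PURCHASE_BATCH);
        for (uint256 i = startIdx; i < endIdx; i++) {
            address asset = assets[i];
            uint256 price = swan.getListingPrice(asset);
            spendings[round] += price;
            if (spendings[round] > amountPerRound) revert BuyLimitExceeded(spendings[round], amountPerRound);
            inventory[round].push(asset); // state recorded before the external purchase call
            swan.purchase(asset);
        }
    }
}
```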

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
