Dria

Summary

In the Swan contract, when a buyer places multiple bids on the same asset within the same round, the contract overwrites previous bid information due to the use of a single mapping (listings) for each asset. This results in the loss of prior bid data, including the bid amount, as each new bid by the same buyer on the same asset replaces the existing entry. Consequently, only the most recent bid is retained, leading to potential inconsistencies in payment tracking and asset ownership.

Vulnerability Details

Location: Swan.sol, Line 198 (AssetListing storage asset = listings[_asset];)

• Issue: The listings mapping, keyed by _asset, can only store one entry per asset at any time. When the same buyer places a second bid in the same round on the same asset, the initial bid information is overwritten by the latest bid.

• Cause: Since listings does not track multiple bids per asset and buyer, new bids overwrite previous bids for the same asset. As a result, only the most recent bid is processed, and prior bids are effectively erased.

• Result: This leads to a situation where the buyer’s first bid amount is not retained in the contract, potentially causing the buyer to lose funds without receiving proper credit or refund for their initial bid.

Impact

Lost Payment: The buyer’s initial bid amount is overwritten and not retained in the contract. This could result in the buyer losing funds if the initial bid amount is not properly tracked or refunded.

• Inconsistent Auction Logic: For auction or bid-based functionality, this issue creates ambiguity around bid tracking and final bid determination, as only the latest bid is considered valid. This undermines the contract’s reliability in accurately managing bids and could lead to disputes.

• Asset Ownership Confusion: Since only the latest bid is retained, buyers may have an incorrect understanding of their bid status, impacting confidence in the platform.

Tools Used

Tests

Recommendations

1. Implement Bid Tracking per Buyer: Use a nested mapping or array structure to store each buyer’s bid per asset and round. This approach would allow tracking of multiple bids by the same buyer, ensuring each bid is preserved.

2. Prevent Multiple Bids per Buyer per Round: Implement logic that restricts a buyer from placing more than one bid on the same asset within the same round. This would avoid overwriting issues entirely by enforcing a single bid per buyer per round.

3. Automatic Refunds for Previous Bids: If allowing multiple bids per round, introduce a mechanism to automatically refund any previous bid amount when a new bid is placed on the same asset by the same buyer. This ensures no funds are lost if bids are overwritten.