Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Default Phase in `list` Function May Cause User Losses Due to Uninitialized Buyer Address

pelz

Summary

The list function in Swan.sol checks if a specified buyer address is in the Sell phase before allowing a listing. However, due to how enums are initialized, if an invalid or uninitialized buyer address is passed in, it defaults to the Sell phase without being explicitly set. This can lead to potential losses, as the function may permit listings with unintended buyers.

Vulnerability Details

In the list function, when a seller passes a buyer address, the contract checks if this buyer is in the Sell phase by accessing an enum from the BuyerAgent contract:

if (phase != BuyerAgent.Phase.Sell) {

revert BuyerAgent.InvalidPhase(phase, BuyerAgent.Phase.Sell);

}

The enum Phase is structured as follows:

enum Phase {

Sell, // default value (0)

Buy,

Withdraw

}

The Sell phase is currently assigned as the default value (0). If the buyer address is invalid or uninitialized, the phase will default to Sell, allowing the listing to proceed. This creates the impression that the buyer is valid and ready to buy, which could lead to an unintended transaction.

Impact

Users may mistakenly list assets with unintended or uninitialized buyers, potentially resulting in losses. Since the buyer’s phase defaults to Sell, sellers may accidentally conduct listings with invalid buyers, leading to asset misallocation or failed transactions.

Root Cause

The root cause of this issue is the use of Sell as the default enum value, making it possible for invalid or uninitialized buyer addresses to default to this phase without any verification or explicit setting.

Tools Used

Manual code review

Recommendations

Modify the Enum Default Value: Introduce an Unset value as the default to prevent accidental defaults to Sell. This ensures the phase must be explicitly set for a valid transaction.
enum Phase {
Unset, // default value (0)
Sell,
Buy,
Withdraw
}
Explicit Phase Setting: Ensure that buyer addresses have an explicitly set phase before conducting any operations. This reduces the risk of user errors due to uninitialized values.

With these changes, the default Unset value will prevent unintended access, and the code will only permit listings with explicitly set buyer phases, reducing the risk of loss for the seller.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.