Dria / Swan / NFT, Hardhat / 21,000 USDC
Submission Details
Severity: high
Invalid

Unlimited Price Manipulation in Asset Relisting

Summary

The Swan protocol's relisting mechanism allows unrestricted price increases between rounds, enabling market manipulation through artificial price inflation.

Issue: Price Manipulation in Relisting

  • The relist() function in Swan.sol allows an asset owner to relist their asset with a new price without sufficient price increase constraints

  • Sellers can inflate prices exponentially between rounds

  • Affects royalty calculations (buyerFee and driaFee)

  • Disrupts AI agent purchase decisions

  • Creates artificial market signals

Attack Path:

  1. Initial listing at normal price

  2. Wait for round to end

  3. Relist at massively inflated price

  4. Repeat to create false price history

Vulnerability Details

Proof of Concept:

  1. The seller lists an asset at price1.

  2. The round ends without a purchase.

  3. The seller relists the asset at price2, which can be arbitrarily higher than price1.

  4. Repeating this across rounds allows artificial price inflation with no on-chain bound.

https://github.com/Cyfrin/2024-10-swan-dria/blob/c3f6f027ed51dd31f60b224506de2bc847243eb7/contracts/swan/Swan.sol#L238-L246

function relist(address _asset, address _buyer, uint256 _price) external {
    AssetListing storage asset = listings[_asset];

    // only the seller can relist the asset
    if (asset.seller != msg.sender) {
        revert Unauthorized(msg.sender);
    }

    // asset must be listed
    if (asset.status != AssetStatus.Listed) {
        revert InvalidStatus(asset.status, AssetStatus.Listed);
    }

    // @bug detected: No price validation between rounds allows unlimited price increases
    // This enables market manipulation through artificial price inflation
    listings[_asset] = AssetListing({
        createdAt: block.timestamp,
        royaltyFee: buyer.royaltyFee(),
        price: _price, // Price can be set arbitrarily higher than previous listing
        seller: msg.sender,
        status: AssetStatus.Listed,
        buyer: _buyer,
        round: round
    });
}

Impact on Protocol:

  1. Market Manipulation Risk:

  • Sellers can artificially inflate asset prices between rounds without limits

  • Creates false price signals that could mislead other market participants

  • Enables pump-and-dump schemes across trading rounds

  2. Economic Impact:

  • Distorts true market value discovery

  • Affects royalty calculations since fees are percentage-based

  • Could lead to artificial market capitalization inflation

  3. Game Theory Implications:

  • Creates incentives for sellers to list high prices initially

  • May discourage legitimate buyers due to price uncertainty between rounds

  • Disrupts the intended AI agent purchasing behavior

This directly impacts the core market mechanics and the price discovery process of the Swan protocol.

Impact

Likelihood: High

  • No technical barriers to execution

  • Clear financial incentive

  • Affects core market mechanism

Why It's Dangerous:

  1. Market Manipulation:

    • Creates false price history

    • Distorts market signals

    • Affects AI agent behavior

  2. Economic Impact:

    • Inflated royalty fees

    • Artificial market cap

    • Reduced market efficiency

  3. User Impact:

    • Buyers face uncertain pricing

    • Sellers can game the system

    • Platform fees affected by manipulation

Tools Used

Manual Review

Recommendations

function relist(address _asset, address _buyer, uint256 _price) external {
    AssetListing storage asset = listings[_asset];
+   require(_price <= asset.price * 2, "Price increase exceeds maximum");
    listings[_asset] = AssetListing({
        price: _price,
        // ... other fields
    });
}

Alternative

// Add price increase limit constant
uint256 public constant MAX_PRICE_INCREASE = 200; // 200%

function relist(...) {
    require(
        _price <= (listings[_asset].price * MAX_PRICE_INCREASE) / 100,
        "Excessive price increase"
    );
}
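The following is an added, self-contained illustration of the bounded relist described in the two recommendation snippets above; it is not code from Swan.sol or from the Dria/Swan project. Only relist(), AssetStatus, AssetListing, Unauthorized and InvalidStatus mirror identifiers that appear in this finding; the contract name BoundedListings, the list() helper, maxRelistPrice(), MAX_RELIST_BPS and the PriceIncreaseTooLarge error are assumptions made for the example. The royaltyFee and round fields of the real listing are dropped because they depend on the BuyerAgent, which this stand-alone contract does not model.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not Swan's code): a minimal listing contract that bounds
/// how far a relist may raise the price relative to the previous listing.
/// Names marked "assumed" below are invented for this illustration.
contract BoundedListings {
    enum AssetStatus { Unlisted, Listed, Sold }

    struct AssetListing {
        uint256 createdAt;
        uint256 price;
        address seller;
        address buyer;
        AssetStatus status;
    }

    /// Assumed: maximum new price relative to the previous listing, in basis
    /// points. 20_000 bps = 200%, i.e. at most a 2x increase per relist, the
    /// same bound the recommendation expresses as `asset.price * 2`.
    uint256 public constant MAX_RELIST_BPS = 20_000;
    uint256 private constant BPS_DENOMINATOR = 10_000;

    mapping(address => AssetListing) public listings;

    error Unauthorized(address caller);
    error InvalidStatus(AssetStatus have, AssetStatus want);
    /// Assumed: reports the previous price, the requested price and the cap.
    error PriceIncreaseTooLarge(uint256 previous, uint256 requested, uint256 maxAllowed);

    event AssetListed(address indexed asset, address indexed seller, uint256 price);
    event AssetRelisted(address indexed asset, uint256 oldPrice, uint256 newPrice);

    /// Assumed helper so the example can be exercised end to end: creates the
    /// initial listing that a later relist() will be measured against.
    function list(address _asset, address _buyer, uint256 _price) external {
        AssetListing storage asset = listings[_asset];
        if (asset.status == AssetStatus.Listed) {
            revert InvalidStatus(asset.status, AssetStatus.Unlisted);
        }
        listings[_asset] = AssetListing({
            createdAt: block.timestamp,
            price: _price,
            seller: msg.sender,
            buyer: _buyer,
            status: AssetStatus.Listed
        });
        emit AssetListed(_asset, msg.sender, _price);
    }

    /// Assumed helper: the highest price a relist may ask for, given the
    /// price of the listing being replaced.
    function maxRelistPrice(uint256 previousPrice) public pure returns (uint256) {
        return (previousPrice * MAX_RELIST_BPS) / BPS_DENOMINATOR;
    }

    function relist(address _asset, address _buyer, uint256 _price) external {
        AssetListing storage asset = listings[_asset];

        // only the seller can relist the asset
        if (asset.seller != msg.sender) {
            revert Unauthorized(msg.sender);
        }

        // asset must be listed
        if (asset.status != AssetStatus.Listed) {
            revert InvalidStatus(asset.status, AssetStatus.Listed);
        }

        // The check the finding recommends: read the old price before the
        // struct is overwritten, then bound the new price relative to it.
        uint256 previousPrice = asset.price;
        uint256 cap = maxRelistPrice(previousPrice);
        if (_price > cap) {
            revert PriceIncreaseTooLarge(previousPrice, _price, cap);
        }

        listings[_asset] = AssetListing({
            createdAt: block.timestamp,
            price: _price,
            seller: msg.sender,
            buyer: _buyer,
            status: AssetStatus.Listed
        });
        emit AssetRelisted(_asset, previousPrice, _price);
    }
}
```

Two points worth keeping in mind when applying a bound like this. First, the old price must be read before `listings[_asset]` is overwritten, which is why the example captures `previousPrice` from the storage reference up front; comparing against `listings[_asset].price` after the assignment would compare the new price with itself and never revert. Second, a per-relist multiplicative cap compounds across rounds (2x per round is roughly 1000x after ten rounds), so it slows inflation rather than preventing it; if the protocol wants a hard limit, the cap should be measured against the original listing price or combined with an absolute ceiling.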

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
