Summary

Each relisting adds a new entity to the assetsPerBuyerRound mapping for a buyer, allowing a seller to grief the buyer by repeatedly relisting the same asset. This prevents the buyer from participating in any other trade, as their maxAssetsCount would be reached.

Vulnerability Details

A user can assign any buyer the ability to buy their asset in the list function link and relist function link. The issue arises because each relisting adds a new entry to the assetsPerBuyerRound mapping for a specific buyer link without removing the previous entry. This allows any seller to grief a buyer and block their ability to buy other assets by filling up their asset slots with the same listing.

Impact

A seller can block a buyer's ability to purchase any other asset by using the relist function to fill the buyer’s asset mapping with multiple entries of the same asset.

Tools Used

Manual review.

Recommendations

Either remove the old entry during a relist or update the existing listing with the necessary parameters to prevent filling the buyer's asset capacity with repeated instances of the same asset.