Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Sellers can prevent buyers from purchasing other assets by repeatedly relisting the same asset until the `maxAssetCount` is reached

typical_human

Summary

Each relisting adds a new entity to the assetsPerBuyerRound mapping for a buyer, allowing a seller to grief the buyer by repeatedly relisting the same asset. This prevents the buyer from participating in any other trade, as their maxAssetsCount would be reached.

Vulnerability Details

A user can assign any buyer the ability to buy their asset in the list function link and relist function link. The issue arises because each relisting adds a new entry to the assetsPerBuyerRound mapping for a specific buyer link without removing the previous entry. This allows any seller to grief a buyer and block their ability to buy other assets by filling up their asset slots with the same listing.

Impact

A seller can block a buyer's ability to purchase any other asset by using the relist function to fill the buyer’s asset mapping with multiple entries of the same asset.

Tools Used

Manual review.

Recommendations

Either remove the old entry during a relist or update the existing listing with the necessary parameters to prevent filling the buyer's asset capacity with repeated instances of the same asset.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

typical_human Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!