Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

No function to get asset status

aak

Summary

There is no view function to retrieve asset status.

Vulnerability Details

getListingPrice() is Natspec'd as follows:

/// @notice Returns the asset status with the given asset address.
/// @dev Active: If the asset has not been purchased or the next round has not started.
/// @dev Inactive: If the assets's purchaseRound has passed or delisted by the creator of the asset.
/// @dev Sold: If the asset has already been purchased by the buyer.
function getListingPrice(address _asset) external view returns (uint256) {
return listings[_asset].price;
}

The Natspec is wrong and indicates that it was the intention to have a function to retrieve asset status in addition to a function to retrieve prices.

This is also indicated by the fact that gasReporterOutput.json has a function:

"Swan_2dcec770": {
"key": "2dcec770",
"isCall": true,
"contract": "Swan",
"method": "getAssetStatus",
"fnSig": "getAssetStatus(address)",
"intrinsicGas": [],
"callData": [],
"gasData": [],
"numberOfCalls": 0
},

Impact

Low. getListingPrice() Natspecc'ed for a different function which is absent. The absent function (getAssetStatus()) isn't present in the code at all making it difficult for integrators to get the status before deciding to buy.

Tools Used

Manual.

Recommendations

Update the Natspac of getListingPrice() and add a function to get asset status.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.