Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Incorrect token is approved in BuyerAgent.sol

Summary

In the constructor of BuyerAgent.sol, the approval for the coordinator is set on swan.token() instead of the correct fee token used in the coordinator.

Vulnerability Details

In the buyer agent, the approval for the llmcoordinator is granted so that oracle fees can be paid. This fee is supposed to be paid using the feeToken defined in the llmcoordinator, not swan.token().

In BuyerAgent.sol, swan.token() is approved.

swan.token().approve(address(swan.coordinator()), type(uint256).max);
(https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L142-L143)


But in the LLMOracleCoordinator the fee token could be different. There is no connection between the 2 tokens.
feeToken.transferFrom(msg.sender, address(this), totalfee);
(https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleCoordinator.sol#L171)

Therefore no oracle requests can be made if the tokens are different, as there is no way for BuyerAgent.sol to approve the feeToken.

Impact

This would make the protocol unusable.

Tools Used

Manual Review

Recommendations

Set the approval using the feeToken of the LLMOracleCoordinator instead.
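
The mismatch described above and the recommended approval, as an added example that is not part of the submission or the Swan code base. The Mock* and AgentAs* contracts are hypothetical stand-ins, and a public feeToken getter on the coordinator is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20-like token (hypothetical stand-in): allowances are tracked per token contract.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address s, uint256 a) external returns (bool) { allowance[msg.sender][s] = a; return true; }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        allowance[from][msg.sender] -= amt; // underflow revert if no allowance exists on THIS token
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}

contract MockCoordinator {
    MockToken public feeToken; // assumed to be readable through a public getter
    constructor(MockToken _feeToken) { feeToken = _feeToken; }
    // Mirrors the quoted coordinator line: the fee is pulled from the caller in feeToken.
    function request(uint256 totalFee) external {
        feeToken.transferFrom(msg.sender, address(this), totalFee);
    }
}

contract MockSwan {
    MockToken public token;
    MockCoordinator public coordinator;
    constructor(MockToken t, MockCoordinator c) { token = t; coordinator = c; }
}

// Approval as quoted from BuyerAgent.sol: granted on swan.token().
contract AgentAsReported {
    MockSwan public swan;
    constructor(MockSwan s) {
        swan = s;
        swan.token().approve(address(swan.coordinator()), type(uint256).max);
    }
    function oracleRequest(uint256 fee) external { swan.coordinator().request(fee); }
}

// Approval as recommended: granted on the coordinator's own feeToken.
contract AgentAsRecommended {
    MockSwan public swan;
    constructor(MockSwan s) {
        swan = s;
        swan.coordinator().feeToken().approve(address(swan.coordinator()), type(uint256).max);
    }
    function oracleRequest(uint256 fee) external { swan.coordinator().request(fee); }
}
```

With two distinct MockToken deployments and the fee token minted to each agent, AgentAsReported.oracleRequest reverts in transferFrom while AgentAsRecommended.oracleRequest succeeds. When MockSwan and MockCoordinator are given the same token address, both agents behave identically.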

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
