Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

User could list more assets than the limit

Summary

A seller could list more assets than the current limit.

Vulnerability Details

When the current value of `maxAssetCount` is 5 and sellers list 4 assets for 1 buyer, the owner of the protocol could call `SwanManager.sol.setMarketParameters()` with `maxAssetCount=3`. After that, when there is a new listing (a call to the `list` function), the check won't work:

```solidity
if (getCurrentMarketParameters().maxAssetCount == assetsPerBuyerRound[_buyer][round].length) {
    revert AssetLimitExceeded(getCurrentMarketParameters().maxAssetCount);
}
```

because it will always be false: 3 != 4, 3 != 5, etc.

Impact

A seller could avoid the check of max assets in a round.

Tools Used

Manual review

Recommendations

- if (getCurrentMarketParameters().maxAssetCount == assetsPerBuyerRound[_buyer][round
+ if (getCurrentMarketParameters().maxAssetCount <= assetsPerBuyerRound[_buyer][round
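
Review bot: both lines of this change are cut off at `[round`, so the suggestion cannot be applied as written; it should quote the whole condition, as the check under Vulnerability Details does. With the limit on the left, `maxAssetCount <= ...length` is easy to misread, and putting the listed count first with `>=` against `getCurrentMarketParameters().maxAssetCount` reads in count-versus-limit order. A test that lowers `maxAssetCount` through `setMarketParameters` and then calls `list` would show whether a round can ever hold more entries than the new limit.
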
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

[INVALID] List unlimited items

SwanManager::setMarketParameters pushes the new parameters: `marketParameters.push(_marketParameters);`. After that, when a user calls list, the protocol computes the round and the phase: `(uint256 round, BuyerAgent.Phase phase,) = buyer.getRoundPhase();`. Inside the getRoundPhase function you have this if statement on top: `if (marketParams.length == marketParameterIdx + 1) {`. The setMarketParameters call changed the `marketParams` length, which will cause the first case to be false and run the else statement. At the end of that statement we see there is a new round. So the second element of this check `(getCurrentMarketParameters().maxAssetCount == assetsPerBuyerRound[_buyer][round].length` is zero, because the [round] is fresh.
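
The two readings on this page side by side, as an added plain-JavaScript model (not the Swan contracts, and not the submitter's or the judge's code): the `==` check only differs from `<=` if listings continue in the same round after the limit is lowered, while a fresh round starts counting from zero. The `ListingModel` class, its `strict` flag and passing the round in by hand are assumptions of the model; in the protocol the round comes from `buyer.getRoundPhase()`.

```javascript
// Constructed model of the listing limit check. Identifier names mirror the page;
// the round handling is a simplifying assumption (the caller chooses the round).
class ListingModel {
  constructor(maxAssetCount, strict) {
    this.marketParameters = [{ maxAssetCount }]; // setMarketParameters pushes a new entry
    this.assetsPerBuyerRound = new Map();        // key `${buyer}:${round}` -> listed assets
    this.strict = strict;                        // true: `==` as quoted, false: `<=` as recommended
  }

  getCurrentMarketParameters() {
    return this.marketParameters[this.marketParameters.length - 1];
  }

  setMarketParameters(params) {
    this.marketParameters.push(params);
  }

  // Returns true when the asset is listed, false where the contract
  // would revert with AssetLimitExceeded.
  list(buyer, round, asset) {
    const key = `${buyer}:${round}`;
    const listed = this.assetsPerBuyerRound.get(key) ?? [];
    const max = this.getCurrentMarketParameters().maxAssetCount;
    const limitHit = this.strict ? max === listed.length : max <= listed.length;
    if (limitHit) return false;
    this.assetsPerBuyerRound.set(key, [...listed, asset]);
    return true;
  }
}

// Scenario from the submission: limit 5, four listings in round 0, limit lowered
// to 3, then ten more listing attempts land in `nextRound`.
function listingsAcceptedAfterLowering(strict, nextRound) {
  const model = new ListingModel(5, strict);
  for (let i = 0; i < 4; i++) model.list("buyer", 0, `asset${i}`);
  model.setMarketParameters({ maxAssetCount: 3 });
  let accepted = 0;
  for (let i = 0; i < 10; i++) {
    if (model.list("buyer", nextRound, `late${i}`)) accepted++;
  }
  return accepted;
}
```
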
