Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Too Many Market Parameter Updates Cause BuyerAgents to Become Unusable

Summary

The BuyerAgent contract is vulnerable to steadily increasing gas consumption because the marketParameters array keeps growing. Every time the admin updates the market parameters using setMarketParameters, the length of the marketParameters array increases. As a result, functions like getRoundPhase, whose loops depend on the length of this array, become more gas-intensive over time. This may lead to prohibitive gas costs, rendering older BuyerAgents practically unusable after multiple market parameter updates.

Vulnerability Details

The getRoundPhase function is a critical part of the BuyerAgent contract. This function includes a loop (https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol?plain=1#L352):

while (idx < marketParams.length - 1) { ... }

Here, idx is initially set to marketParameterIdx, which is determined based on the creation time of the BuyerAgent. The length of marketParams grows every time the market parameters are changed by the admin using setMarketParameters. This means that older BuyerAgents have to iterate through all the added market parameters since their creation, which makes the loop longer and more gas-consuming over time.

The getRoundPhase function is very important, as it is used in several key parts of the system. It is called by Swan::list and Swan::relist and by almost all functions in the BuyerAgent contract, including critical functions such as withdraw, oracleStateRequest, oraclePurchaseRequest, updateState, purchase, and various setters. Therefore, as the marketParameters length grows, many critical operations become increasingly gas-intensive, potentially making the BuyerAgent contract unusable for basic operations like withdrawing funds, making oracle requests, and purchasing assets.

Impact

  • Inoperable BuyerAgents: Older BuyerAgents may become prohibitively expensive to use, as the gas required to complete basic functions like withdraw or oracleStateRequest may exceed reasonable limits.

  • High Gas Consumption: As the number of market parameter updates increases, the loop in getRoundPhase grows longer, significantly increasing gas costs for operations that depend on this function.

Tools Used

  • Manual Code Review

Recommendations

  1. Redesign Parameter Update Mechanism: Redesign the way market parameters are updated to avoid excessive growth of the marketParameters array. Instead of appending new entries each time, consider a mechanism that replaces or optimizes existing entries to reduce the overall growth rate.

  2. Snapshot and Reference Parameters: Introduce a snapshot-based approach where BuyerAgents can reference a specific snapshot of market parameters instead of iterating through the entire history. This can significantly reduce the computational effort required in functions like getRoundPhase.
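As an added example (not the Swan source), the contract below contrasts the history walk described under Vulnerability Details with one way to implement the snapshot recommendation: each appended entry stores a running round total, so a lookup needs a fixed number of storage reads. The names ParamHistoryDemo, setParams, roundsBefore, roundByWalk and roundByCheckpoint are hypothetical, and the round model (whole rounds = elapsed time / cycleTime per entry) is a simplifying assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; NOT the Swan/BuyerAgent source. Names and the
/// simplified round model (rounds = elapsed / cycleTime) are assumptions.
contract ParamHistoryDemo {
    struct Params {
        uint256 timestamp;    // when this entry took effect
        uint256 cycleTime;    // length of one round under this entry
        uint256 roundsBefore; // checkpoint: whole rounds in all earlier entries
    }

    Params[] public history;

    constructor(uint256 cycleTime) {
        require(cycleTime > 0, "cycleTime=0");
        history.push(Params(block.timestamp, cycleTime, 0));
    }

    /// Admin update (access control omitted): still append-only, but each
    /// entry carries a running total so readers never walk the array.
    function setParams(uint256 cycleTime) external {
        require(cycleTime > 0, "cycleTime=0");
        Params storage last = history[history.length - 1];
        uint256 closed = (block.timestamp - last.timestamp) / last.cycleTime;
        history.push(Params(block.timestamp, cycleTime, last.roundsBefore + closed));
    }

    /// Pattern from the finding: cost grows with every update made after `idx`.
    function roundByWalk(uint256 idx, uint256 createdAt) external view returns (uint256 round) {
        uint256 start = createdAt; // `idx` must be the entry active at createdAt
        for (; idx < history.length - 1; idx++) {
            round += (history[idx + 1].timestamp - start) / history[idx].cycleTime;
            start = history[idx + 1].timestamp;
        }
        round += (block.timestamp - start) / history[idx].cycleTime;
    }

    /// Checkpointed lookup: a fixed number of storage reads, same result.
    function roundByCheckpoint(uint256 idx, uint256 createdAt) external view returns (uint256 round) {
        uint256 lastIdx = history.length - 1;
        Params storage last = history[lastIdx];
        if (idx == lastIdx) return (block.timestamp - createdAt) / last.cycleTime;
        Params storage next = history[idx + 1];
        round = (next.timestamp - createdAt) / history[idx].cycleTime; // partial first entry
        round += last.roundsBefore - next.roundsBefore;                // all closed middle entries
        round += (block.timestamp - last.timestamp) / last.cycleTime;  // open last entry
    }
}
```

Comparing gas estimates for the two view functions after a series of setParams calls shows roundByWalk's cost rising with each update while roundByCheckpoint stays flat.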

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
