Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Valid

Denial of Service (DoS) due to Asset Listing Limits

Summary

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/Swan.sol

The Swan contract contains a potential Denial of Service (DoS) vulnerability related to the asset listing limits enforced for buyers. This vulnerability could be exploited by a malicious actor to prevent legitimate users from listing or relisting their assets in the marketplace, effectively locking them out and degrading the user experience.

Vulnerability Details

Location: list and relist functions of the Swan contract.

Issue: The contract enforces a limit on the maximum number of assets (maxAssetCount) that can be listed per buyer in a specific round. If a user reaches this limit, they are unable to list or relist any assets until they remove or sell existing ones.

Exploitation Scenario

  1. A malicious user can create multiple low-value assets, filling their asset quota.

  2. Once they reach the maximum listing limit, they will prevent any legitimate users from listing new assets or relisting their existing assets.

  3. This creates a scenario where legitimate users are unable to participate in the market, leading to a Denial of Service.

Proof of Concept (PoC)

Environment Setup

  1. Deploy the Swan contract on a test network.

  2. Deploy a BuyerAgent and SwanAsset to interact with the Swan contract.

  3. Set up a malicious user (MaliciousBuyer) and a legitimate user (LegitimateBuyer).

Steps to Reproduce

  1. Malicious User Actions:

MaliciousBuyer creates multiple low-value assets, incrementing the listing count until they reach maxAssetCount.

Example Solidity code snippet:

for (uint256 i = 0; i < maxAssetCount; i++) {
    swanContract.list("Asset", "SYM", "Description", 1, address(maliciousBuyerAgent));
}

  2. Legitimate User Actions:

LegitimateBuyer attempts to list an asset after the maximum limit has been reached.

Example Solidity code snippet:

swanContract.list("NewAsset", "SYM", "Description", 1, address(legitimateBuyerAgent));

This action will fail with a revert due to the asset count exceeding maxAssetCount, demonstrating the DoS vulnerability.

Impact

This vulnerability can significantly impact user experience and market participation by preventing legitimate users from listing or relisting their assets. While it does not result in a loss of funds, it can lead to loss of trust and discourage users from utilizing the platform.

Tools Used

Manual Review

Recommendations

Dynamic Listing Limits: Instead of hard caps, implement dynamic limits based on market activity or asset quality.

Asset Quality Checks: Introduce mechanisms to evaluate the quality of assets being listed, preventing spam listings.
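The following is an added illustration, not code from the Swan repository: a deliberately simplified contract that models the per-buyer cap check the finding describes, with the unprotected shape beside a variant that adds a minimum listing price (the mitigation the judge's tag points at). Contract, function and storage names, the round bookkeeping and the constructor parameters are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified, hypothetical model of the per-buyer listing cap described in this
/// finding. It is NOT the Swan contract: only the cap check and one mitigation
/// (a minimum listing price) are modelled; names, rounds and storage layout are
/// assumptions chosen for illustration.
contract ListingCapExample {
    uint256 public immutable maxAssetCount;   // cap per buyer per round
    uint256 public immutable minListingPrice; // mitigation: economic floor per slot

    // buyer => round => assets already listed for that buyer in that round
    mapping(address => mapping(uint256 => uint256)) public listedCount;
    // buyer => current round (advanced elsewhere; fixed here for brevity)
    mapping(address => uint256) public currentRound;

    error AssetLimitExceeded(address buyer, uint256 limit);
    error PriceBelowMinimum(uint256 price, uint256 minimum);

    event Listed(address indexed seller, address indexed buyer, uint256 round, uint256 price);

    constructor(uint256 _maxAssetCount, uint256 _minListingPrice) {
        maxAssetCount = _maxAssetCount;
        minListingPrice = _minListingPrice;
    }

    // Unprotected shape: only the cap is checked. Any seller can submit
    // `maxAssetCount` dust-priced listings for `buyer`, after which every
    // later list()/relist() for that buyer reverts until the round advances.
    function listUnprotected(address buyer, uint256 price) external {
        _consumeSlot(buyer, price);
    }

    // Hardened shape: same cap, but each slot must carry a minimum price, so
    // filling a buyer's quota costs the lister real value per listing.
    function listWithFloor(address buyer, uint256 price) external {
        if (price < minListingPrice) revert PriceBelowMinimum(price, minListingPrice);
        _consumeSlot(buyer, price);
    }

    function _consumeSlot(address buyer, uint256 price) internal {
        uint256 round = currentRound[buyer];
        if (listedCount[buyer][round] >= maxAssetCount) {
            revert AssetLimitExceeded(buyer, maxAssetCount);
        }
        listedCount[buyer][round] += 1;
        emit Listed(msg.sender, buyer, round, price);
    }
}
```

A price floor raises the cost of exhausting a buyer's quota rather than eliminating it; pairing it with a cap that scales with market activity, as the first recommendation suggests, narrows the window further.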

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DOS the buyer / Lack of minimal amount of listing price
