The purchase function in Swan.sol is designed to handle the actual transfer of assets and funds during a purchase. However, it is currently implemented with external visibility, which allows any buyer to call it directly, bypassing critical controls enforced by the protocol's primary purchase function in BuyerAgent.sol.
Assets can be purchased directly by buyers via Swan::purchase.
When buyers bypass the BuyerAgent::purchase function and call Swan::purchase directly, they skip essential steps implemented in BuyerAgent::purchase, potentially resulting in:
Bypassing Protocol Phase and Round Checks: Direct calls to Swan::purchase do not verify that the purchase occurs within the designated Buy phase or round, allowing purchases to occur outside of intended contexts.
Ignoring Oracle-Validated Asset List: The protocol’s oracle validation step, which confirms that only approved assets are purchased, is skipped, allowing for the unintended acquisition of assets.
Inconsistent Spend Tracking: Cumulative spend tracking (spendings[round]) and the check against the amountPerRound limit are omitted, potentially depleting protocol funds and disrupting budget control.
Incomplete Inventory Management: inventory[round] is not updated, causing inaccurate records of assets acquired in each round and impacting the system’s operational integrity.
Manual Review
Consider making `Swan::purchase` internal in BuyerAgent.sol so that it is only called within the intended protocol flow. This restriction would prevent bypassing of critical checks, protecting the protocol from unintended purchases and enhancing overall system security and stability.
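A sketch of the control this recommendation is after, added here as an example and not taken from Swan.sol or BuyerAgent.sol. It assumes the market and the agent are separate contracts, so the settlement function is gated on its caller instead of being made `internal`; `MarketModel`, `AgentModel`, `list`, `setPhase`, `buyPhase` and `agentOf` are hypothetical names, and the oracle validation step is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Constructed, simplified model; not the Swan.sol / BuyerAgent.sol source.
contract MarketModel {
    mapping(address => address) public agentOf; // asset => agent contract it is listed for
    mapping(address => uint256) public priceOf;
    mapping(address => bool) public sold;
    error NotListedAgent(address caller);

    // Seller-side ownership checks are omitted from this model.
    function list(address asset, uint256 price, address agent) external {
        require(agentOf[asset] == address(0) && agent != address(0), "bad listing");
        agentOf[asset] = agent;
        priceOf[asset] = price;
    }
    // Settlement only. It stays external because the agent is a separate contract,
    // but a call from any address other than the listed agent contract reverts.
    function purchase(address asset) external {
        if (msg.sender != agentOf[asset]) revert NotListedAgent(msg.sender);
        require(!sold[asset], "already sold");
        sold[asset] = true;
    }
}

contract AgentModel {
    MarketModel public immutable market;
    address public immutable owner;
    uint256 public immutable amountPerRound;
    bool public buyPhase; // stand-in for the protocol's phase logic
    uint256 public round;
    mapping(uint256 => uint256) public spendings;
    mapping(uint256 => address[]) public inventory;
    constructor(MarketModel m, uint256 budget) {
        market = m;
        owner = msg.sender;
        amountPerRound = budget;
    }
    function setPhase(bool open, uint256 r) external {
        require(msg.sender == owner, "not owner");
        buyPhase = open;
        round = r;
    }
    // Only path to market.purchase: phase, budget and inventory are enforced here.
    function purchase(address asset) external {
        require(msg.sender == owner && buyPhase, "not owner or not Buy phase");
        spendings[round] += market.priceOf(asset);
        require(spendings[round] <= amountPerRound, "round budget exceeded");
        inventory[round].push(asset);
        market.purchase(asset);
    }
}
```

In this model a direct `MarketModel.purchase` call from the owner's own address reverts with `NotListedAgent`, so every successful settlement has already passed the phase check and updated `spendings[round]` and `inventory[round]`.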