Dria: Swan (NFT, Hardhat), 21,000 USDC

Submission Details
Severity: high
Invalid

AmountPerRound Can Be Set to Zero Breaking Core Functionality

Summary

The setAmountPerRound function in BuyerAgent allows setting amountPerRound to 0, which breaks core functionality as this value is used to determine minimum fund requirements and purchase limits.

Vulnerability Details

The function lacks any validation on the new amount:

```solidity
function setAmountPerRound(uint256 _amountPerRound) external onlyOwner {
    _checkRoundPhase(Phase.Withdraw);
    amountPerRound = _amountPerRound; // Can be set to 0: no lower-bound check
}
```

This value is used in critical functions:

```solidity
// Used to ensure minimum funds are maintained
function minFundAmount() public view returns (uint256) {
    return amountPerRound + swan.getOracleFee(); // Collapses to just the oracle fee if amountPerRound == 0
}

// Used as spending limit in purchase function
function purchase() external onlyAuthorized {
    // ...
    for (uint256 i = 0; i < assets.length; i++) {
        address asset = assets[i];
        uint256 price = swan.getListingPrice(asset);
        spendings[round] += price;
        // Reverts on the first purchase with price > 0 if amountPerRound == 0
        if (spendings[round] > amountPerRound) {
            revert BuyLimitExceeded(spendings[round], amountPerRound);
        }
        // ...
    }
}
```

Impact

The purchase function becomes unusable: with amountPerRound set to 0, the first asset with a price > 0 pushes spendings[round] above the limit, so no assets can be bought at all.

Tools Used

Manual Review

Recommendations

Add minimum amount validation:

```solidity
contract BuyerAgent {
    // Lower bound for amountPerRound; the exact value is a design decision
    uint256 public constant MIN_AMOUNT_PER_ROUND = 0.01 ether;

    error InvalidAmount(uint256 amount); // declared so the revert below compiles

    function setAmountPerRound(uint256 _amountPerRound) external onlyOwner {
        _checkRoundPhase(Phase.Withdraw);
        if (_amountPerRound < MIN_AMOUNT_PER_ROUND) {
            revert InvalidAmount(_amountPerRound);
        }
        amountPerRound = _amountPerRound;
    }
}
```
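To make the interaction concrete, here is a compilable, self-contained model of the two pieces the report ties together: the limit check in purchase() and a setter that rejects values below a floor. It is an added example, not Swan's BuyerAgent; the owner check, the constructor validation and the price array passed to purchase() are simplifications assumed for the model, and MIN_AMOUNT_PER_ROUND is an assumed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for BuyerAgent (added example, not the Swan code).
// Models only the amountPerRound / spendings interaction from the report.
contract BuyerAgentModel {
    error BuyLimitExceeded(uint256 spent, uint256 limit);
    error InvalidAmount(uint256 amount);
    error NotOwner();

    // Assumed floor; the real value is a protocol design decision.
    uint256 public constant MIN_AMOUNT_PER_ROUND = 0.01 ether;

    address public immutable owner;
    uint256 public amountPerRound;
    uint256 public round;
    mapping(uint256 => uint256) public spendings;

    // The model validates at construction too, so the floor holds from deployment.
    constructor(uint256 _amountPerRound) {
        owner = msg.sender;
        _setAmountPerRound(_amountPerRound);
    }

    // Hardened setter: rejects 0 (and anything below the floor) so that
    // purchase() cannot be bricked by a misconfiguration.
    function setAmountPerRound(uint256 _amountPerRound) external {
        if (msg.sender != owner) revert NotOwner();
        _setAmountPerRound(_amountPerRound);
    }

    function _setAmountPerRound(uint256 _amountPerRound) internal {
        if (_amountPerRound < MIN_AMOUNT_PER_ROUND) revert InvalidAmount(_amountPerRound);
        amountPerRound = _amountPerRound;
    }

    // Same limit check as the report's purchase(): if amountPerRound were 0,
    // any price > 0 would push spendings[round] over the limit and revert.
    // Prices are passed in directly here instead of being read from Swan.
    function purchase(uint256[] calldata prices) external {
        for (uint256 i = 0; i < prices.length; i++) {
            spendings[round] += prices[i];
            if (spendings[round] > amountPerRound) {
                revert BuyLimitExceeded(spendings[round], amountPerRound);
            }
        }
    }
}
```

Deploying with 0 or calling setAmountPerRound(0) reverts with InvalidAmount, while purchase() with a total at or under amountPerRound succeeds.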
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
