Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

BuyerAgent should make sure treasury() is larger than minFundAmount in constructor

Summary

BuyerAgent should make sure treasury() is larger than minFundAmount in its constructor. If it doesn't check the BuyerAgent's ERC20 token balance, it may revert when paying the oracle fee or purchasing an asset.

Vulnerability Details

In the withdraw function of BuyerAgent.sol, if phase != Phase.Withdraw, minFundAmount() + _amount tokens should remain in this contract.

    if (phase != Phase.Withdraw) {
        // instead of checking `treasury - _amount < minFoundAmount`
        // we check this way to prevent underflows
        if (treasury() < minFundAmount() + _amount) {
            revert MinFundSubceeded(_amount);
        }
    }

When the BuyerAgent instance is constructed, it is in the sell phase. It should make sure the balance of the buyer agent is larger than minFundAmount().

But it doesn't check this in the constructor.

Impact

The buyer agent may fail to act because there is not enough balance in the contract.

Tools Used

Manual review

Recommendations

Make sure treasury() >= minFundAmount() in the constructor.
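
The withdraw guard quoted above next to the recommended constructor check, as an added sketch that is not part of the original submission and is not the Swan BuyerAgent code. IERC20Min, AgentSketch, MIN_FUND and InsufficientInitialFunds are hypothetical names, and a fixed value stands in for minFundAmount().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; NOT the Swan BuyerAgent contract.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract AgentSketch {
    enum Phase { Sell, Buy, Withdraw }

    error MinFundSubceeded(uint256 amount);
    error InsufficientInitialFunds(uint256 have, uint256 need); // hypothetical

    IERC20Min public immutable token;
    address public immutable owner;
    uint256 public immutable MIN_FUND; // assumption: stands in for minFundAmount()
    Phase public phase = Phase.Sell;   // per the report, a new agent starts in the sell phase

    constructor(IERC20Min _token, uint256 _minFund) {
        token = _token;
        owner = msg.sender;
        MIN_FUND = _minFund;
        // The check the report recommends. Tokens must already sit at this
        // address when the constructor runs, otherwise deployment reverts.
        uint256 bal = _token.balanceOf(address(this));
        if (bal < _minFund) revert InsufficientInitialFunds(bal, _minFund);
    }

    function treasury() public view returns (uint256) {
        return token.balanceOf(address(this));
    }

    function withdraw(uint256 _amount) external {
        require(msg.sender == owner, "not owner");
        if (phase != Phase.Withdraw) {
            // Written as an addition so the comparison cannot underflow.
            if (treasury() < MIN_FUND + _amount) revert MinFundSubceeded(_amount);
        }
        require(token.transfer(owner, _amount), "transfer failed");
    }
}
```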

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
