Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

The protocol claims to support ETH as a payment token but it doesn't

dimulski

Summary

According to the Readme, the protocol supports ETH as a payment token:

ERC-20 (ETH, WETH): Payments within Swan are made with an ERC20 compatible token. Oracle fees are also paid with such.

However this is not the case. If we start with the transferRoyalties() function, which is called within the list() and relist() functions, the asset creator can't pay the fees with ETH.

function transferRoyalties(AssetListing storage asset) internal {

// calculate fees

uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;

uint256 driaFee = (buyerFee * getCurrentMarketParameters().platformFee) / 100;

// first, Swan receives the entire fee from seller

// this allows only one approval from the seller's side

token.transferFrom(asset.seller, address(this), buyerFee);

// send the buyer's portion to them

token.transfer(asset.buyer, buyerFee - driaFee);

// then it sends the remaining to Swan owner

token.transfer(owner(), driaFee);

}

It is the same case with the purchase() function:

function purchase(address _asset) external {

...

// transfer money

token.transferFrom(listing.buyer, address(this), listing.price);

token.transfer(listing.seller, listing.price);

...

}

All instances of the BuyerAgent.sol contract can't receive ETH as there is no receive() function implemented. Additionally the withdraw() and the treasury() functions can't withdraw ETH and can't calculate the balance of EHT the contract could potentially hold respectively.

The register() and unregister() function in the LLMOracleRegistry.sol contract also doen't support ETH in order to pay for registration, and later on withdraw the stake.

The LLMOracleCoordinator.sol contract also doesn't support ETH. In the request() function, the buyer agent can't pay the fee with ETH only with ERC20 tokens. The respond() and the validate() functions both call the _increaseAllowance() function which only increases the allowance for a certain ERC20 token. The withdrawPlatformFees() function also doesn't allow for ETH to be withdrawn.

Vulnerability Details

Impact

Tokens that the protocol team claims should be supported are not.

Tools Used

Manual review

Recommendations

Support ETH as a payment token, check if the token address is 0 for example, and then use the low level call to transfer the tokens, be careful not to introduce reentrancy vulnerabilities.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[INVALID] ETH not supported as payment method

Contest details specifically state that: "Payments within Swan are made with an ERC20 compatible token", WETH's address is mentioned as well. Everything is done through ERC20 functionality.

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.