Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Popular buyers will not be able to make any purchase (DoS), and sellers will keep paying listing fees without making sales.

Summary

The `BuyerAgent` gets the assets available to be bought by calling the oracle (line 233 of `BuyerAgent.sol`, linked below), so a popular buyer will have several assets available to be bought per round.
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L233
The oracle does not check the total price of the assets it returns for that round. The `BuyerAgent`, however, does check it and reverts if `BuyerAgent::amountPerRound` is less than the total price of the assets available to be bought. Sellers (even those whose assets received excellent scores) therefore make no sale after paying the fee to list, and must pay the fee again to relist their assets for another round.
This contradicts the comment on `BuyerAgent::purchase()` (linked below), which says the function is expected not to revert as long as the oracle works correctly.
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L221

Vulnerability Details

The `BuyerAgent` buys all the assets returned by the oracle for the round, or reverts if `BuyerAgent::amountPerRound` is less than their total price. It never buys a subset of those assets whose total price fits within `BuyerAgent::amountPerRound`. So when interest in a buyer is high enough that the total price of its available assets exceeds `BuyerAgent::amountPerRound`, both the buyer and the sellers are denied service: no asset is bought, and the sellers lose the fees they paid to list their assets.

Impact

Sellers keep paying fees and make no sales because of the high interest in a buyer, while the buyer keeps collecting `BuyerAgent::royaltyFee()` and makes no purchase even though it wants to buy. Both the buyer and the sellers are DoSed.

Tools Used

Manual review

Recommendations

Refactor `BuyerAgent::purchase()` so that whenever `BuyerAgent::amountPerRound` is less than the total price of the assets available for the round, it buys a subset of those assets whose total price fits within `BuyerAgent::amountPerRound` instead of reverting.

Updates
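The two purchase policies contrasted in this report, as an added model rather than code from the Swan repository: one round is simulated with a constructed set of oracle-returned listings, first with the all-or-revert behaviour described under Vulnerability Details and then with the budget-capped behaviour proposed above. Listing prices, fees, asset ids and the `BuyLimitExceeded` exception are assumptions made for the illustration; they do not reproduce the contract's storage layout or helper names.

```python
"""Model of one BuyerAgent buy round: all-or-revert vs. budget-capped purchasing.

Constructed example, not code from the Swan/Dria contracts. Prices, fees and
asset ids are made up; the real contract's storage layout and helper names are
not reproduced here.
"""
from dataclasses import dataclass, field


class BuyLimitExceeded(Exception):
    """Stands in for the revert the report describes: total listing price for
    the round exceeds amountPerRound (assumed name and shape)."""


@dataclass(frozen=True)
class Listing:
    asset: str
    seller: str
    price: int      # smallest token unit, e.g. USDC with 6 decimals (assumed)
    fee_paid: int   # listing fee the seller already paid to get here (assumed)


@dataclass
class RoundOutcome:
    bought: list = field(default_factory=list)
    unsold: list = field(default_factory=list)
    spent: int = 0


def purchase_all_or_revert(listings, amount_per_round):
    """Current behaviour as described in the report: every oracle-returned
    asset is bought, or the whole round reverts if their total price is over
    amountPerRound. Nothing is bought in the failing case."""
    total = sum(l.price for l in listings)
    if total > amount_per_round:
        raise BuyLimitExceeded(total, amount_per_round)
    return RoundOutcome(bought=list(listings), unsold=[], spent=total)


def purchase_within_budget(listings, amount_per_round):
    """Proposed behaviour: walk the oracle's ranked list in order and skip any
    asset that would push round spending past amountPerRound. Skipping (rather
    than stopping at the first oversized asset) lets cheaper assets further
    down the ranking still sell within the remaining budget."""
    out = RoundOutcome()
    for l in listings:
        if out.spent + l.price > amount_per_round:
            out.unsold.append(l)
            continue
        out.bought.append(l)
        out.spent += l.price
    return out


def round_result(listings, amount_per_round, strategy):
    """Run one round under a strategy. A revert is modelled as 'nothing bought,
    every listing unsold'. Returns (bought asset ids, amount spent, total
    listing fees paid by sellers who made no sale this round)."""
    try:
        outcome = strategy(listings, amount_per_round)
    except BuyLimitExceeded:
        outcome = RoundOutcome(bought=[], unsold=list(listings), spent=0)
    wasted_fees = sum(l.fee_paid for l in outcome.unsold)
    return [l.asset for l in outcome.bought], outcome.spent, wasted_fees


# Constructed round for a popular buyer: four listings returned by the oracle,
# already ranked by score, with a total price (1250) above the budget (1000).
AMOUNT_PER_ROUND = 1_000
LISTINGS = [
    Listing("asset-1", "seller-A", price=400, fee_paid=10),
    Listing("asset-2", "seller-B", price=350, fee_paid=10),
    Listing("asset-3", "seller-C", price=300, fee_paid=10),
    Listing("asset-4", "seller-D", price=200, fee_paid=10),
]

if __name__ == "__main__":
    for name, strategy in [("all-or-revert", purchase_all_or_revert),
                           ("within-budget", purchase_within_budget)]:
        bought, spent, wasted = round_result(LISTINGS, AMOUNT_PER_ROUND, strategy)
        print(f"{name:14s} bought={bought} spent={spent} fees_wasted={wasted}")
```

With the constructed listings, the all-or-revert policy buys nothing and every seller's listing fee is spent for no sale, while the budget-capped policy buys `asset-1`, `asset-2` and `asset-4` for 950 and leaves only `asset-3` unsold; when the total price already fits the budget, both policies buy the same assets. Which subset to buy when the budget is short (prefix of the oracle ranking, as here, or some other rule) is a design decision for the project.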

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
