Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Excessive Buyer Agent Fee and Platform Fee Structure

Summary

The BuyerAgent contract and the SwanManager contract currently allow both the buyer agent fee and the platform fee to be set as high as 100%. At that setting the buyer agent can take the seller's entire asset price as its fee, and the platform can take the entire buyer agent fee. This configuration creates a significant overcharging risk.

Vulnerability Details

Buyer Agent Fee Cap: The buyer agent can set its fee to 100% of the asset price, which means the agent could take the entire value of the asset as a fee, potentially leaving the seller with no benefit from the transaction.

Platform Fee Cap: The platform fee can be set to 100% of the buyer agent fee, which means the platform could take the entire buyer agent fee.

function setFeeRoyalty(uint96 _fee) public onlyOwner {
    _checkRoundPhase(Phase.Withdraw);
@>  if (_fee < 1 || _fee > 100) {
        revert InvalidFee(_fee);
    }
    royaltyFee = _fee;
}

function setMarketParameters(SwanMarketParameters memory _marketParameters) external onlyOwner {
@>  require(_marketParameters.platformFee <= 100, "Platform fee cannot exceed 100%");
    _marketParameters.timestamp = block.timestamp;
    marketParameters.push(_marketParameters);
}

Impact

This issue could lead to extreme cases where sellers lose 100% of the asset's value in fees, and buyers lose 100% of the fees earned from sales. Such a setup creates a non-functional and non-viable system, as it is unlikely for users to accept transactions where they incur more in fees than the value of the asset itself.

Tools Used

Manual Review

Recommendations

Cap Fees at Reasonable Levels: Implement sensible maximum caps for both the buyer agent and platform fees.
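
One way to implement the recommended caps, as an added example that is not code from the Swan repository or from the submission. The contract name, the `setPlatformFee` and `quote` functions, and the cap values (20% and 25%) are assumptions chosen for illustration; the fee split follows the report's description (agent fee as a percentage of the price, platform fee as a percentage of the agent fee).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; not Swan or BuyerAgent code. Names and cap values are assumptions.
contract CappedFees {
    // Assumed caps in whole percent; choose values that fit the protocol's economics.
    uint96 public constant MAX_ROYALTY_FEE = 20;  // share of the asset price
    uint96 public constant MAX_PLATFORM_FEE = 25; // share of the agent fee

    address public immutable owner;
    uint96 public royaltyFee = 1;
    uint96 public platformFee;

    error NotOwner();
    error InvalidFee(uint96 fee, uint96 maxAllowed);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setFeeRoyalty(uint96 _fee) external onlyOwner {
        // Same lower bound as the setter quoted above; the upper bound is the cap, not 100.
        if (_fee < 1 || _fee > MAX_ROYALTY_FEE) revert InvalidFee(_fee, MAX_ROYALTY_FEE);
        royaltyFee = _fee;
    }

    function setPlatformFee(uint96 _fee) external onlyOwner {
        if (_fee > MAX_PLATFORM_FEE) revert InvalidFee(_fee, MAX_PLATFORM_FEE);
        platformFee = _fee;
    }

    /// Split of one sale: the agent fee is a percentage of the price and the
    /// platform fee is a percentage of that agent fee.
    function quote(uint256 price)
        external
        view
        returns (uint256 sellerProceeds, uint256 agentShare, uint256 platformShare)
    {
        uint256 totalFee = (price * royaltyFee) / 100;
        platformShare = (totalFee * platformFee) / 100;
        agentShare = totalFee - platformShare;
        sellerProceeds = price - totalFee; // cannot underflow: royaltyFee <= MAX_ROYALTY_FEE
    }
}
```

With these assumed caps, `quote` always returns at least 80% of the price to the seller and at least 75% of the fee to the agent, whatever values the owner sets.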

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
