Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Too Much centralization

Summary

Vulnerability Details

Operators are set by the Swan Protocol via SwanManager.sol.

An operator can be listed or delisted by Swan at any time:

function addOperator(address _operator) external onlyOwner {
    isOperator[_operator] = true;
}

function removeOperator(address _operator) external onlyOwner {
    delete isOperator[_operator];
}

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/SwanManager.sol#L51

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/SwanManager.sol#L117-L127

These operators decide actions on behalf of BuyerAgents, including all crucial functions, and a BuyerAgent has no control over them and no functions of its own to use against them.

So this leads to a more centralized system controlled by Swan, not by buyers.

Impact

Tools Used

Manual Review

Recommendations

This should be reconsidered.

Buyer agents could be given a feature to choose their operators.
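One way the recommendation above could look, as an added sketch that is not part of the submission or of the Swan code base: an operator may act on an agent only if the protocol has listed it and the agent's owner has also approved it. Only the `isOperator` lookup mirrors the page (its external getter is assumed); the contract, `agentOwner`, `approvedOperator`, `setOperatorApproval` and `operatorAction` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed view of the protocol-owned operator list shown on the page.
interface IOperatorRegistry {
    function isOperator(address account) external view returns (bool);
}

/// Hypothetical agent contract with a buyer-controlled operator allowlist.
contract AgentWithOperatorOptIn {
    IOperatorRegistry public immutable registry; // protocol-owned list
    address public immutable agentOwner;         // the buyer who owns this agent
    mapping(address => bool) public approvedOperator; // buyer's own allowlist
    uint256 public actionCount;                  // stand-in for agent state

    error Unauthorized(address caller);
    event OperatorApprovalChanged(address indexed operator, bool approved);
    event OperatorActionTaken(address indexed caller, uint256 count);

    constructor(IOperatorRegistry _registry, address _agentOwner) {
        registry = _registry;
        agentOwner = _agentOwner;
    }

    /// The buyer opts in to or out of a specific operator.
    /// The event lets off-chain monitoring track every delegation change.
    function setOperatorApproval(address operator, bool approved) external {
        if (msg.sender != agentOwner) revert Unauthorized(msg.sender);
        approvedOperator[operator] = approved;
        emit OperatorApprovalChanged(operator, approved);
    }

    /// An operator needs both keys: listed by the protocol AND approved by the
    /// buyer. Delisting or revocation by either side cuts access immediately.
    modifier onlyAuthorized() {
        bool delegated =
            registry.isOperator(msg.sender) && approvedOperator[msg.sender];
        if (msg.sender != agentOwner && !delegated) revert Unauthorized(msg.sender);
        _;
    }

    /// Stand-in for an action that operators perform on the agent's behalf.
    function operatorAction() external onlyAuthorized {
        actionCount += 1;
        emit OperatorActionTaken(msg.sender, actionCount);
    }
}
```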

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
