Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

A minimum amount of fund always remain locked In Case of BuyerAgent

0xhacksmithh

Summary

Vulnerability Details

While withdrawing via withdraw() in withdraw phase there is a check

if (treasury() < minFundAmount() + _amount) {
revert MinFundSubceeded(_amount);
}
function minFundAmount() public view returns (uint256) {
return amountPerRound + swan.getOracleFee();
}

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L152-L154

So there should be always minFundAmount()amount of token remain in contract which is equivalent to amountPerRound + swan.getOracleFee()

A BuyerAgent can set amountPerRoundto zero in-case he wants full withdrawal via `setAmountPerRound()

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L393-L397

But The Point is swan.getOracleFee()of amount never recoverable, and remain locked in contract for-ever even if Buyers exit the protocol.

Impact

Tools Used

Manual review

Recommendations

On Buyer exit, total funds should be recoverable.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xhacksmithh Submitter
10 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.