Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

A minimum amount of fund always remain locked In Case of BuyerAgent

0xhacksmithh

Summary

Vulnerability Details

While withdrawing via withdraw() in withdraw phase there is a check

if (treasury() < minFundAmount() + _amount) {
revert MinFundSubceeded(_amount);
}
function minFundAmount() public view returns (uint256) {
return amountPerRound + swan.getOracleFee();
}

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L152-L154

So there should be always minFundAmount()amount of token remain in contract which is equivalent to amountPerRound + swan.getOracleFee()

A BuyerAgent can set amountPerRoundto zero in-case he wants full withdrawal via `setAmountPerRound()

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L393-L397

But The Point is swan.getOracleFee()of amount never recoverable, and remain locked in contract for-ever even if Buyers exit the protocol.

Impact

Tools Used

Manual review

Recommendations

On Buyer exit, total funds should be recoverable.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xhacksmithh Submitter
8 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.