A single seller can potentially stop the BuyerAgent::purchase() operation from happening, because the seller may transfer the ERC721 SwanAsset that they received during listing to some other address. This would cause the following transfer to fail, thereby reverting the entire transaction:
SwanAsset(_asset).transferFrom(listing.seller, address(this), 1);
When a seller creates a listing targeting a buyer, they receive a SwanAsset with owner permissions, whilst the Swan contract itself gets the operator permission. During initialization the operator is granted approval for all. However, since the user (here the seller) is the owner of this asset, they are free to revoke this approval, thereby causing the purchase to fail.
That can be accomplished with the following lines in testing code:
After this, the Swan contract is no longer an operator for this contract. Therefore it's not safe to assume that in the Swan::purchase(asset) function the following operation will happen without reverting
Denial of service for other sellers may happen because, when BuyerAgent::purchase() is called, one malicious seller who revokes the approval may cause the entire transaction to fail.
Manual Analysis
One way I can think of is to make the User (seller) an operator with limited permissions and Swan, the owner. (Reverse the roles)
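The batch failure described above and the effect of reversing the roles, as an added Python model that is not Swan's code and not part of the original finding. The names SWAN, SELLERS, Asset, purchase_batch, current_design and reversed_roles are assumptions, and the seller's "limited permissions" are modelled as carrying no approval or transfer rights.

```python
class Revert(Exception):
    """Stands in for an EVM revert."""

SWAN = "swan"  # models the Swan contract's address (assumed name)

class Asset:
    """Minimal ERC721-style token with a single tokenId (constructed model)."""
    def __init__(self, owner, operators=()):
        self.owner, self.operators = owner, set(operators)

    def set_approval_for_all(self, caller, operator, approved):
        if caller != self.owner:
            raise Revert("only the owner manages operators")
        (self.operators.add if approved else self.operators.discard)(operator)

    def transfer_from(self, caller, src, dst):
        if src != self.owner or caller not in {self.owner, *self.operators}:
            raise Revert("transfer not authorized")
        self.owner, self.operators = dst, set()  # old owner's approvals no longer apply

def purchase_batch(listings, buyer):
    """One transaction over (holder, asset) pairs: any revert undoes every transfer."""
    snapshot = [(a.owner, set(a.operators)) for _, a in listings]
    try:
        for holder, asset in listings:
            asset.transfer_from(SWAN, holder, buyer)  # Swan is always the caller
    except Revert:
        for (_, a), (owner, ops) in zip(listings, snapshot):
            a.owner, a.operators = owner, ops
        return False
    return True

SELLERS = ("alice", "bob", "carol")  # constructed sample sellers

def current_design(revoke):
    """Seller owns the asset, Swan is operator; 'bob' optionally revokes approval."""
    assets = {s: Asset(owner=s, operators=[SWAN]) for s in SELLERS}
    if revoke:
        assets["bob"].set_approval_for_all("bob", SWAN, False)
    ok = purchase_batch(list(assets.items()), "buyer")
    return ok, [a.owner for a in assets.values()]

def reversed_roles():
    """Swan owns the asset; the seller's limited role carries no approval rights."""
    assets = {s: Asset(owner=SWAN) for s in SELLERS}
    try:
        assets["bob"].set_approval_for_all("bob", SWAN, False)
        revoked = True
    except Revert:
        revoked = False
    return revoked, purchase_batch([(SWAN, a) for a in assets.values()], "buyer")
```

With one revocation in the current design, the batch returns False and every asset stays with its seller, including those of the two sellers who did nothing; with the roles reversed, the revocation itself reverts and the batch completes.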