Dria

Summary

A Rounding issue is identified in the transferRoyalties function of the Swan.sol smart contract. The vulnerability arises from the integer division of fee calculations, which can lead to unintended values. This may affect the revenue model of the protocol, as protocol fees could be calculated to be zero in specific scenarios.

Vulnerability Details

In the transferRoyalties function, fees are calculated using integer arithmetic, which can result in zero fees due to truncation when performing division operations. The relevant lines of code are as follows: https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/Swan.sol#L258-L272

Example Scenario:

• Alice lists the NFT for 1000 tokens.

• The buyerAgent address is 0x123 with a 1% royalty.

• The protocol fee is 5%.

buyerFee = ( 1000 * 1 ) / 100 = 10 tokens

driaFee = ( 10 * 5 ) / 100 = 0.5 = 0 tokens (due to rounding)

So, Amount to Buyer Agent= buyerFee − driaFee = 10−0 = 10 tokens.

Amount to Swan Owner = driaFee = 0 tokens.

So, if a buyerAgent has a low royaltyFee then that agent gets the whole buyerFee without giving any fee to the protocol.

Impact

• Loss of Protocol Revenue: If the protocol fee is calculated to be zero, the contract will not transfer any fees to the protocol owner, resulting in a loss of revenue.

• Reduced Trust and Incentive: Continuous occurrences of zero fees could diminish trust among users and stakeholders, potentially impacting the overall adoption and usage of the protocol.

Tools Used

Manual Review

Recommendations

Introduce a Multiplier: Use a constant multiplier to scale the values before performing the division. This approach helps preserve precision during calculations.