A malicious attacker can list an asset with _price > amountPerRound to DoS BuyerAgent::purchase()
Code:
Currently the list() function lets listers list assets to a buyerAgent at any price they choose. A bad actor can list for the buyerAgent with _price > amountPerRound. If that seller's asset is selected, i.e. it is included in the assets array passed to BuyerAgent.sol::purchase(), the buyerAgent cannot purchase any NFTs for that round, because the call reverts with BuyLimitExceeded.
Attack Scenario:
Alice's buyerAgent contract is in the Sell phase and accepts listings.
Some listers list assets for Alice's buyerAgent contract, paying the listing fee.
Bob lists an asset for Alice's buyerAgent contract with _price > amountPerRound.
If Bob's asset is included in the assets array passed to BuyerAgent::purchase(), the buyerAgent cannot purchase any assets, as the call reverts with BuyLimitExceeded.
As a result, genuine buyerAgents are badly impacted and cannot buy any asset in that round. The listers who listed for that buyerAgent in the same round are also impacted: they paid fees to list their assets, and those assets are now never bought by the buyerAgent.
Manual Inspection
Implement the necessary checks so that _price cannot exceed amountPerRound at listing time. Additionally, design BuyerAgent::purchase() so that a single over-priced listing cannot prevent the buyerAgent from purchasing the remaining assets, avoiding the BuyLimitExceeded revert for the whole round.
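The following is an added illustration of both parts of the recommendation, written for this report; it is not the project's code. The contract, struct, function and error names other than amountPerRound and BuyLimitExceeded (which the finding itself names) are assumptions, and the listing and purchase logic is simplified to the budget check alone. It shows the unchecked list() pattern the finding describes, a hardened list() that rejects over-budget prices, a strict purchase() that reverts the way the finding describes, and a tolerant purchase() that skips an over-budget asset instead of failing the whole round.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified model of a buyer agent with a per-round spend limit.
// Only the budget logic is modelled; asset transfer and fee handling are omitted.
contract BuyerAgentExample {
    struct Listing {
        address seller;
        uint256 price;
        bool sold;
    }

    uint256 public amountPerRound;   // maximum spend allowed in one round
    uint256 public spentThisRound;   // running total for the current round
    Listing[] public listings;

    // Error from the finding: spending would exceed the round budget.
    error BuyLimitExceeded(uint256 spendings, uint256 amountPerRound);
    // Assumed error for the listing-time check added as the fix.
    error PriceExceedsRoundBudget(uint256 price, uint256 amountPerRound);

    constructor(uint256 _amountPerRound) {
        amountPerRound = _amountPerRound;
    }

    // Vulnerable pattern: any _price is accepted, so a single listing priced
    // above amountPerRound can later make purchase() revert for everyone.
    function listUnchecked(uint256 _price) external returns (uint256 id) {
        listings.push(Listing(msg.sender, _price, false));
        return listings.length - 1;
    }

    // Hardened listing: reject at listing time, so an over-budget asset can
    // never reach purchase() in the first place.
    function list(uint256 _price) external returns (uint256 id) {
        if (_price > amountPerRound) {
            revert PriceExceedsRoundBudget(_price, amountPerRound);
        }
        listings.push(Listing(msg.sender, _price, false));
        return listings.length - 1;
    }

    // Strict purchase, matching the behaviour described in the finding: the
    // whole call reverts as soon as the cumulative spend exceeds the budget,
    // so one over-priced asset in `ids` blocks every other asset in the round.
    function purchaseStrict(uint256[] calldata ids) external {
        uint256 spent = spentThisRound;
        for (uint256 i = 0; i < ids.length; i++) {
            Listing storage l = listings[ids[i]];
            if (l.sold) continue;
            spent += l.price;
            if (spent > amountPerRound) {
                revert BuyLimitExceeded(spent, amountPerRound);
            }
            l.sold = true;
        }
        spentThisRound = spent;
    }

    // Defence in depth on the buy side: an asset that would push the spend over
    // the budget is skipped rather than reverting, so the remaining affordable
    // assets are still bought even if an over-priced listing slipped through.
    function purchase(uint256[] calldata ids) external {
        uint256 spent = spentThisRound;
        for (uint256 i = 0; i < ids.length; i++) {
            Listing storage l = listings[ids[i]];
            if (l.sold) continue;
            if (spent + l.price > amountPerRound) continue; // skip, do not revert
            spent += l.price;
            l.sold = true;
        }
        spentThisRound = spent;
    }
}
```

The listing-time check in list() is the primary fix: it removes the attacker's ability to put an unaffordable asset in front of the buyer at all, and it fails early for the lister rather than late for the buyer. Whether purchase() should skip or revert on an over-budget asset is a design choice; skipping keeps one bad listing from wasting the whole round, but the selection logic must then tolerate a partially filled purchase.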