Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Some amount of funds will always be stuck in BuyerAgent

Summary

In order to participate in the protocol users have to provide funds to their BuyerAgents. As there exists no functionality to withdraw all of the funds, some amount of funds will always be stuck in BuyerAgents.

Vulnerability Details

In BuyerAgent.sol, the only way users can pull funds out of their agents is by calling the withdraw function:

```solidity
function withdraw(uint96 _amount) public onlyAuthorized {
    (, Phase phase,) = getRoundPhase();
    // if we are not in Withdraw phase, we must leave
    // at least minFundAmount in the contract
    if (phase != Phase.Withdraw) {
        // instead of checking `treasury - _amount < minFoundAmount`
        // we check this way to prevent underflows
@>      if (treasury() < minFundAmount() + _amount) {
            revert MinFundSubceeded(_amount);
        }
    }
    // transfer the tokens to the owner of Buyer
    swan.token().transfer(owner(), _amount);
}
```

This if check prevents users from withdrawing the full amount of tokens out of agents, and as there is no other way of withdrawing tokens, users will not be able to withdraw their funds fully if they want to quit participating.

Impact

Some amount of funds will always be stuck in BuyerAgents.

Recommendations

Add functionality to let users withdraw all of their funds from BuyerAgents.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
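
The guard in the quoted `withdraw` function can be modelled off-chain to see what it permits in each phase and why the comparison is written as an addition. This is an added example, not code from the submission or the Swan repository; it assumes `treasury()` is the agent's token balance, uses `"Other"` as a stand-in for any phase that is not `Withdraw`, assumes the token transfer fails on insufficient balance, and uses constructed amounts.

```javascript
// Added model of the withdraw() guard quoted above; not the project's code.
// Assumptions: treasury() is the agent's token balance, amounts are BigInt
// token units, and "Other" stands for any phase that is not Withdraw.

// Solidity >=0.8 checked subtraction: reverts instead of wrapping.
function checkedSub(a, b) {
  if (b > a) throw new Error("Panic: arithmetic underflow");
  return a - b;
}

// The guard as written on the page: treasury < minFundAmount + amount,
// evaluated only when the current phase is not Withdraw.
function withdraw(state, phase, amount) {
  if (phase !== "Withdraw") {
    if (state.treasury < state.minFundAmount + amount) {
      return { ok: false, error: "MinFundSubceeded" };
    }
  }
  // Assumed ERC-20 behaviour: transfer fails when balance is insufficient.
  if (amount > state.treasury) return { ok: false, error: "TransferFailed" };
  state.treasury -= amount;
  return { ok: true, treasury: state.treasury };
}

// The form the code comment says was avoided: treasury - amount < min.
// With checked arithmetic it panics before the custom error can be raised.
function naiveGuard(state, amount) {
  try {
    return checkedSub(state.treasury, amount) < state.minFundAmount
      ? "MinFundSubceeded"
      : "pass";
  } catch (e) {
    return e.message;
  }
}

function scenarios() {
  // Constructed values: balance of 100 units, minimum fund of 10 units.
  const fresh = () => ({ treasury: 100n, minFundAmount: 10n });
  return {
    otherFull: withdraw(fresh(), "Other", 100n),
    otherDownToMin: withdraw(fresh(), "Other", 90n),
    withdrawFull: withdraw(fresh(), "Withdraw", 100n),
    naiveOverdraw: naiveGuard(fresh(), 101n),
  };
}

console.log(scenarios());
```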
