Dria

Summary

Swan's purchase mechanism where state changes occur before external interactions, potentially leading to asset theft and locked funds.

Looking at the purchase() function in Swan.sol, there are multiple external calls:

1. Token transfers via transferFrom()

2. NFT transfers via transferFrom()

The key issue is in the token transfer sequence:

The bug is that the contract updates the asset status to "Sold" before performing the transfers:

This violates the CEI (Checks-Effects-Interactions) pattern since the state is updated before external calls.

Vulnerability Details

The purchase() function in Swan.sol: https://github.com/Cyfrin/2024-10-swan-dria/blob/c3f6f027ed51dd31f60b224506de2bc847243eb7/contracts/swan/Swan.sol#L276-L302

This is dangerous for the protocol because:

1. State changes occur before external interactions, violating CEI pattern

2. Multiple dependent transfers create points of failure

3. Asset ownership could change without payment completing

4. Failed transfers would leave the contract in an inconsistent state

5. No way to revert the status change if transfers fail

The sequence of operations should be:

1. Execute all transfers

2. Verify success

3. Update state

4. Emit event

This vulnerability could lead to asset theft or locked assets if exploited.

• Any failed transfer will trigger this vulnerability

• Multiple external calls increase failure probability

Impact

1. Assets can be marked as sold without payment completing

2. Seller loses NFT without receiving payment if token transfer fails

3. Contract state becomes inconsistent with actual ownership

4. No way to revert the status change

Tools Used

Manual Review

Recommendations

Consider implementing atomic swaps or escrow mechanism to ensure asset and payment transfers occur atomically.