Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

High-Priced Assets Trigger Reverts in BuyerAgent::purchase() Function, Blocking Affordable Purchases

killua

Summary

The purchase() function logic currently does not attempt to maximize asset purchases within the spending limit.

Vulnerability Details

In the purchase() function, assets are purchased in the order they are returned by the oracle without any sorting by price. If a high-priced asset appears early in the list, it can quickly cause spendings[round] to exceed amountPerRound, resulting in a revert.
This behavior can prevent other assets, which might be within budget, from being purchased. Thus, a high-priced asset early in the list can effectively deny service, causing repeated transaction failures even when other affordable assets are present.

Impact

Denial of Service (DoS): The current implementation is susceptible to a denial-of-service-like behavior where a high-priced asset can block the purchase of other assets that are within budget.
Increased Gas Costs: Users may face increased gas costs due to repeated failed transactions when high-priced assets cause the spending limit to be exceeded.

Tools Used

Manual code review

Recommendations

Skip Expensive Assets: Can try to skip assets that would exceed spending limit and try to purchase other assets, this will allow maximising asset purchases without reverts.

for (uint256 i = 0; i < assets.length; i++) {

address asset = assets[i];

uint256 price = swan.getListingPrice(asset);

// Skip asset if it exceeds budget

if (spendings[round] + price > amountPerRound) {

continue; // Skip this asset and move on to the next

}

// Proceed with purchase if within budget

spendings[round] += price;

inventory[round].push(asset);

swan.purchase(asset);

}

Can Sort assets by price : This would maximise the number of assets that can be purchased within the amountPerRound limit.

// Sort assets by price before attempting to purchase

assets.sort((a, b) => swan.getListingPrice(a) < swan.getListingPrice(b));

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.