Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

No Input Validation in the getRoundPhase() function.

Oppenheimer

Summary

The function getRoundPhase() lacks fundamental input validation checks for market parameters and indices, potentially leading to unhandled exceptions and system vulnerabilities. It doesn't check if marketParameterIdx is valid and no verification if marketParams array is empty and this could cause unexpected reverts and lost gas.

Vulnerability Details

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L334-#L362.

function getRoundPhase() public view returns (uint256, Phase, uint256) {
SwanMarketParameters[] memory marketParams = swan.getMarketParameters();
if (marketParams.length == marketParameterIdx + 1) {
// if our index is the last market parameter, we can simply treat it as a single instance,
// and compute the phase according to the elapsed time from the beginning of the contract.
return _computePhase(marketParams[marketParameterIdx], block.timestamp - createdAt);
}

This vulnerability exist because there is no bounds checking for marketParameterIdx, missing array emptiness validation
and there is an absence of parameter sanity checks.

Impact

This vulnerability causes transaction failures after gas consumption, potential system halts from invalid indices and unexpected reverts causing user losses.

Tools Used

Manual code review

Recommendations

Add input validation

function getRoundPhase() public view returns (uint256, Phase, uint256) {
+ SwanMarketParameters[] memory marketParams = swan.getMarketParameters();
+ require(marketParameterIdx < marketParams.length, "Invalid market parameter index");
+ require(marketParams.length > 0, "No market parameters");
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.