Dria

Summary

The protocol assumes ERC20 transfers revert on failure but some tokens (like ZRX, EURS) return false instead, leading to potential silent failures and loss of funds across multiple critical functions.

Vulnerability Details

Multiple contracts in Swan protocol use unchecked ERC20 transfers:

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/Swan.sol#L298

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/llm/LLMOracleCoordinator.sol#L171

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/llm/LLMOracleRegistry.sol#L106

Some ERC20 tokens like [ZRX](https://etherscan.io/address/0xe41d2489571d322189246dafa5ebde1f4699f498#code) and EURS implement transfers differently:

• They return false on failure instead of reverting

• The return value is not checked in any of these functions

• This leads to silent failures where the code continues executing even though transfers failed

Impact

• Financial Loss:

  • Sellers could lose NFTs without receiving payment

  • Buyers could lose access to services without actual token transfer

  • Protocol fees not actually collected

  • Oracle rewards not paid properly

  • Any can register as generator or validator in LLMOracleRegistery without paying a penny and unregister to claim others stake.

• State Inconsistency:

  • Asset ownership changes while payments fail

  • Incorrect balance tracking

  • Failed stake deposits still register oracles

• Affected Functions:

  • Listing creation (royalty payments)

  • Asset purchases

  • Oracle registration

  • Reward distributions

  • Withdrawals

Tools Used

Manual Review

Recommendations

Here are few recommendations -

• Use safeTransferFrom, safeTransfer from openzeppelin instead of transfer / transferfrom in affected functions.

• check balance of contract before and after call to ensure it has received / sent correct amount