Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Double charging of listing fees

Summary

Whenever an asset is listed via the list(...) function, the transferRoyalties(...) function is called, which transfers royalties to Dria and the seller, as seen:

function transferRoyalties(AssetListing storage asset) internal {
    // calculate fees
    uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;
    uint256 driaFee = (buyerFee * getCurrentMarketParameters().platformFee) / 100;
    //@audit buyer can steal from the protocol, driaFee == 0 due to rounding down.
    // first, Swan receives the entire fee from seller
    // this allows only one approval from the seller's side
    token.transferFrom(asset.seller, address(this), buyerFee);
    // send the buyer's portion to them
    token.transfer(asset.buyer, buyerFee - driaFee);
    // then it sends the remaining to Swan owner
    token.transfer(owner(), driaFee);
}

There is also a relist(...) function, which allows the seller to relist the asset in the event it is not bought.

The relist(...) function also calls transferRoyalties(...), which again transfers royalties. This is double charging for an asset that was not sold.

Vulnerability Details

Since royalties are transferred again via the transferRoyalties(...) function, users are double charged any time they relist unbought items that were already charged upon the first listing.

Impact

Double charging of royalties.

Tools Used

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
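
The fee flow the submission describes, modelled in Python as an added example (not code from the submission or from the Swan contracts). The class and function names, the sample prices and the fee percentages are constructed, and relist is assumed to reuse the same buyer and price; the arithmetic mirrors the transferRoyalties(...) snippet above, including its integer division.

```python
from collections import defaultdict


class SwanFeeModel:
    """Hypothetical ledger model of the page's transferRoyalties(...) arithmetic."""

    def __init__(self, platform_fee_pct, owner="owner"):
        self.platform_fee_pct = platform_fee_pct  # assumed market parameter
        self.owner = owner
        self.balances = defaultdict(int)  # net token flow per party, smallest units

    def transfer_royalties(self, seller, buyer, price, royalty_fee_pct):
        # Same floor division as the Solidity snippet.
        buyer_fee = (price * royalty_fee_pct) // 100
        dria_fee = (buyer_fee * self.platform_fee_pct) // 100
        self.balances[seller] -= buyer_fee            # transferFrom(seller, this)
        self.balances[buyer] += buyer_fee - dria_fee  # transfer(buyer, ...)
        self.balances[self.owner] += dria_fee         # transfer(owner(), ...)
        return buyer_fee, dria_fee

    # Per the submission, both entry points call transferRoyalties(...).
    def list(self, seller, buyer, price, royalty_fee_pct):
        return self.transfer_royalties(seller, buyer, price, royalty_fee_pct)

    def relist(self, seller, buyer, price, royalty_fee_pct):
        return self.transfer_royalties(seller, buyer, price, royalty_fee_pct)


def simulate(price, royalty_fee_pct, platform_fee_pct, relists):
    """Net flows after one list and `relists` relists of an unsold asset."""
    model = SwanFeeModel(platform_fee_pct)
    model.list("seller", "buyer", price, royalty_fee_pct)
    for _ in range(relists):
        model.relist("seller", "buyer", price, royalty_fee_pct)
    return dict(model.balances)


if __name__ == "__main__":
    # Constructed inputs: 5% royalty, 1% platform fee.
    print("list only       :", simulate(1_000_000, 5, 1, relists=0))
    print("list + relist   :", simulate(1_000_000, 5, 1, relists=1))
    # Small price: the platform share floors to zero, as the @audit comment notes.
    print("small, + relist :", simulate(1_000, 5, 1, relists=1))
```

A negative balance is the seller's cumulative outflow; each relist adds one more full royalty charge on top of the one taken at the first listing.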
