Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Improper Time Calculation in BuyerAgent’s getRoundPhase Function Causes Inaccurate Phase Tracking and Potential Fund Access Issues

pelz

Summary

The getRoundPhase function in the BuyerAgent contract uses an incorrect calculation for elapsed time, where idx + 1 is mistakenly utilized to determine time differences between market parameters. This issue leads to incorrect phase calculations, potentially affecting key contract operations tied to specific time-based logic. As a result, phases that control purchasing, withdrawals, or other round-specific operations may yield inaccurate data, which could restrict user actions or misalign phase-based events.

Vulnerability Details

The vulnerability arises from the use of idx + 1 in calculating the elapsed time for determining the current phase. Specifically, the function utilizes marketParams[idx + 1].timestamp to compute the difference in time from createdAt, which does not accurately capture the intended elapsed time. This calculation flaw can lead to inaccurate round and phase data, resulting in disruptions across the contract’s functionalities that depend on precise time tracking.

Code Snippet

function getRoundPhase() public view returns (uint256, Phase, uint256) {

SwanMarketParameters[] memory marketParams = swan.getMarketParameters();

if (marketParams.length == marketParameterIdx + 1) {

return _computePhase(marketParams[marketParameterIdx], block.timestamp - createdAt);

} else {

uint256 idx = marketParameterIdx;

// Vulnerable code: Incorrect timestamp reference

(uint256 round,,) = _computePhase(marketParams[idx], marketParams[idx + 1].timestamp - createdAt);

idx++;

...

}

Impact

The incorrect calculation leads to erroneous phase determinations, disrupting operations that rely on the accurate sequencing of contract rounds. This discrepancy affects:

Purchasing and Withdrawal: Users may be unable to initiate purchases or withdrawals as expected, particularly if the contract enforces strict timing conditions.
Funds Accessibility: In cases where the contract locks or restricts funds based on specific phases, the miscalculated phases may prevent legitimate fund access, potentially resulting in unintentional funds lockup.

Recommendation

To fix this issue, modify the calculation to use the correct timestamps that accurately represent elapsed time without referencing idx + 1 inappropriately. Ensuring idx points to the current relevant market parameter should eliminate this discrepancy:

Update the getRoundPhase function to use the correct marketParams[idx].timestamp.
Refactor _computePhase invocations to reflect accurate elapsed time computations, aligning phase logic with intended market conditions.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.