Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Misleading use of AssetLimitExceeded Error

johny7173

Summary

The AssetLimitExceeded error in the Swan contract is inconsistently used, leading to confusion and potential misinterpretation by developers and users. In one instance, the error correctly includes the limit value, but in another, it incorrectly includes the current count of assets. This inconsistency can cause misunderstandings about the actual asset limit, potentially resulting in failed transactions or incorrect handling in applications that interact with the contract.

Vulnerability Details

The Swan contract defines an error to indicate when the asset count limit for a round has been exceeded:

/// @notice Asset count limit exceeded for this round
error AssetLimitExceeded(uint256 limit);

This error expects the limit parameter, representing the maximum number of assets allowed per round (maxAssetCount).

Correct Usage in list Function:

In the list function, the error is used correctly. The function checks if the number of assets listed for a buyer in the current round has reached the maxAssetCount limit:

function list(...) external {
...
if (getCurrentMarketParameters().maxAssetCount == assetsPerBuyerRound[_buyer][round].length) {
revert AssetLimitExceeded(getCurrentMarketParameters().maxAssetCount);
}
...
}

Here, if the asset count equals the maximum allowed, the function reverts with AssetLimitExceeded(getCurrentMarketParameters().maxAssetCount);, correctly passing the limit.

Incorrect Usage in relist Function:

In contrast, the relist function uses the error incorrectly:

function relist(address _asset, address _buyer, uint256 _price) external {
...
uint256 count = assetsPerBuyerRound[_buyer][round].length;
if (count >= getCurrentMarketParameters().maxAssetCount) {
revert AssetLimitExceeded(count); // Incorrect: should pass the limit, not the count
}
...
}

Here, when the count exceeds the maxAssetCount, the function incorrectly reverts with AssetLimitExceeded(count);, passing the current count of assets instead of the limit.

Impact

The inconsistent use of the AssetLimitExceeded error can cause:

  • Misinterpretation of Error Messages: Developers and users may misunderstand the actual asset limit, leading to incorrect assumptions and potentially flawed application logic.

  • Failed Transactions: Users may experience unexpected transaction failures without clear understanding, resulting in poor user experience.

  • Protocol Misuse: Applications interacting with the contract might handle the error improperly, causing bugs or vulnerabilities in downstream systems.

Tools Used

Manual Review

Recommended Mitigation

To resolve this issue, ensure that the AssetLimitExceeded error consistently includes the limit value. Specifically, update the relist function to pass the correct parameter:

Modify the relist Function:

function relist(address _asset, address _buyer, uint256 _price) external {
...
uint256 count = assetsPerBuyerRound[_buyer][round].length;
if (count >= getCurrentMarketParameters().maxAssetCount) {
- revert AssetLimitExceeded(count);
+ revert AssetLimitExceeded(getCurrentMarketParameters().maxAssetCount);
}
...
}

By passing getCurrentMarketParameters().maxAssetCount to the AssetLimitExceeded error, you ensure consistency across the contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong error message in relist()::Swan.sol

Appeal created

robertodf99 Auditor
9 months ago
ljj Auditor
9 months ago
inallhonesty Lead Judge
9 months ago
inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Wrong error message in relist()::Swan.sol

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.