Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Phase Check Bypass in Swan Contract by BuyerAgent

0xekkoo

Summary

A critical vulnerability exists within the interaction between the BuyerAgent and Swan contracts, allowing the BuyerAgent to bypass phase checks and purchase assets outside of the designated buy phase.

Vulnerability Details

The BuyerAgent contract has a purchase function designed to check that the transaction is occurring within the buy phase of the market cycle before proceeding with the purchase. This is done via the _checkRoundPhase(Phase.Buy) function which confirms it's the correct phase for buying.

function purchase() external onlyAuthorized {
// check that we are in the Buy phase, and return round
(uint256 round,) = _checkRoundPhase(Phase.Buy);
}

The Swan contract's purchase function does not independently verify the market phase but only checks if the caller (msg.sender) is the intended buyer of the asset:

function purchase(address _asset) external {
AssetListing storage listing = listings[_asset];
// asset must be listed to be purchased
if (listing.status != AssetStatus.Listed) {
revert InvalidStatus(listing.status, AssetStatus.Listed);
}
// Purchase logic...
}

The vulnerabiity arises when the BuyerAgent directly calls the purchase function in the Swan contract bypassing the Phase Check.

Impact

The BuyerAgent can potentially initiate purchases at any time, bypassing business logic meant to restrict purchases to specific market phases.

Tools Used

Manual Review

Recommendations

Implement phase checks within the Swan contract to prevent actions during inappropriate phases.

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.