Dria

Summary

The BuyerAgent contract can directly execute purchases without the intended preliminary oracle interaction oraclePurchaseRequest, which is designed to determine the best asset to purchase based on oracle-generated data. This bypass can avoid necessary fees and potentially undermine the oracle's role in asset selection, leading to unauthorized asset acquisitions.

Vulnerability Details

In the intended protocol workflow:

1. The buyer is supposed to initiate an oracle purchase request by calling the oraclePurchaseRequest function in the BuyerAgent contract. This function interacts with an oracle to generate a task ID and incurs fees associated with generating and validating oracle responses.

2. Post oracle validation, the buyer uses the results to make informed purchases through the purchase function which should ideally confirm the oracle's recommendations.

Bypass Mechanism:

The BuyerAgent can call the purchase function on the Swan contract directly, bypassing the oraclePurchaseRequest. This direct call skips the oracle interaction, avoiding fees and potentially selecting any assets listed to the buyer agent.

Impact

By skipping the oraclePurchaseRequest, the BuyerAgent avoids paying the associated oracle fees, which could defeat the intended business logic of the protocol. Also, the BuyerAgent can purchase any assets he wants.

Tools Used

Manual Review

Recommendations

Modify the Swan contract to verify that an asset purchase is being made based on a valid, processed oracle task ID associated with the BuyerAgent.