Submission Details
Severity: low
Invalid

Missing input validation of `amountPerRound` when creating a `BuyerAgent` contract through the `Swan::createBuyer` function

Relevant GitHub Links

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/Swan.sol#L326-L337

https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L120-L134

Summary

It is possible to create a `BuyerAgent` contract through the `Swan::createBuyer` function with `amountPerRound == 0`, which would leave the agent unable to use the protocol at all.

Vulnerability Details

There is no input validation on the `amountPerRound` value provided by the user when creating a `BuyerAgent` through `Swan::createBuyer`; the value is passed straight into the `BuyerAgent` constructor, which also does not check it.

Impact

A `BuyerAgent` created with `amountPerRound == 0` would not be able to buy any asset through the protocol, making the agent useless.

Tools Used

Manual review

Recommendations

Add a zero check for `_amountPerRound` in the `BuyerAgent` constructor, next to the existing `_royaltyFee` check:

```solidity
constructor(
    string memory _name,
    string memory _description,
    uint96 _royaltyFee,
    uint256 _amountPerRound,
    address _operator,
    address _owner
) Ownable(_owner) {
    if (_royaltyFee < 1 || _royaltyFee > 100) {
        revert InvalidFee(_royaltyFee);
    }
    // added: reject a zero budget per round, since such an agent could never buy anything
    require(_amountPerRound > 0, "amountPerRound == 0");
    royaltyFee = _royaltyFee;
    swan = Swan(_operator);
    amountPerRound = _amountPerRound;
    name = _name;
    description = _description;
    createdAt = block.timestamp;
    marketParameterIdx = swan.getMarketParameters().length - 1;
    // approve the coordinator to take fees
    // a max approval results in infinite allowance
    swan.token().approve(address(swan.coordinator()), type(uint256).max);
    swan.token().approve(address(swan), type(uint256).max);
}
```
Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
