Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Updating the `SwanManager::marketParameters` could cause losses for the BuyerAgent owners

Summary

Updating `SwanManager::marketParameters` automatically restarts the round for the BuyerAgents. If an agent has already made an oracle purchase request through `BuyerAgent::oraclePurchaseRequest`, all of the fees paid could go for nothing: `BuyerAgent::purchase` checks the current round, and a purchase request made in a previous round is not taken into consideration.

Vulnerability Details

The round counter skips the entire round when the market parameters are changed through `SwanManager::setMarketParameters`.
https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L334
The `getRoundPhase` function calculates the round in such a way that a change to the last element of the `marketParams` array causes the round counter to skip the current round. If the last element of the array is changed, the current round is calculated from the difference in timestamps, potentially skipping a big part of a round if the parameters are updated in between rounds.
Additionally, in the `BuyerAgent::purchase` function, buyers are restricted to the current round's parameters and cannot select from previous rounds. They are therefore unable to act when the market parameters change, and all of the fees paid for the `oraclePurchaseRequest` bring them no benefit.
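
The effect described above, as an added example that is not part of the original submission or of the Swan code base: a simplified JavaScript model in which a parameter update ends the running round early, so a request paid for before the update no longer matches the round seen at purchase time. The function names, the 100-second round length, the fee of 5 and the timeline are constructed assumptions.

```javascript
// Simplified model, NOT the Swan contracts: names and numbers are constructed.
// Assumption: a round lasts roundLen seconds, and each parameter update ends
// the running round early and starts the next one.
function currentRound(params, createdAt, now) {
  let round = 0;
  let start = createdAt;
  for (let i = 0; i < params.length; i++) {
    const isLast = i === params.length - 1;
    const end = isLast ? now : params[i + 1].timestamp;
    round += Math.floor((end - start) / params[i].roundLen);
    if (!isLast) round += 1; // the update cuts the round short
    start = end;
  }
  return round;
}

// Hypothetical stand-in for a buyer agent: a request is recorded under the
// round in which it was made, and a purchase only looks at the current round.
function makeAgent(createdAt, oracleFee) {
  const requests = new Map(); // round -> fee paid
  return {
    request(params, now) {
      requests.set(currentRound(params, createdAt, now), oracleFee);
    },
    purchase(params, now) {
      const round = currentRound(params, createdAt, now);
      if (requests.has(round)) return { ok: true, round, strandedFees: 0 };
      let stranded = 0;
      for (const [r, fee] of requests) if (r < round) stranded += fee;
      return { ok: false, round, strandedFees: stranded };
    },
  };
}

// Constructed timeline: agent created at t=0, rounds of 100 s.
function scenario(updateAt) {
  const params = [{ timestamp: 0, roundLen: 100 }];
  const agent = makeAgent(0, 5);
  agent.request(params, 120); // request paid in round 1
  if (updateAt !== null) params.push({ timestamp: updateAt, roundLen: 100 });
  return agent.purchase(params, 150); // same 100 s window as the request
}

console.log(scenario(null)); // no update between request and purchase
console.log(scenario(130)); // parameters updated between request and purchase
```
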

Impact

When a market parameter update skips directly to a new round, users could lose buying opportunities in which they have already invested some funds. This reduces flexibility for the buyer and can result in inefficiencies or frustration when rounds are skipped.

Tools Used

Manual Review

Recommendations

Give BuyerAgent owners the opportunity to purchase listed items based on oracle data they purchased in previous rounds.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
