Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Market Parameter Updates Can Disrupt Buyer Agent Rounds and Cause Loss of Royalty Fees

m4k2xmk

Relevant Context

The Swan protocol operates on a round-based system where each round has three phases: Sell, Buy, and Withdraw. During the Sell phase, sellers can list assets to buyer agents and pay royalty fees. The buyer agents can then purchase these assets during the Buy phase.

The timing of these phases is controlled by market parameters stored in the Swan contract, which can be updated over time. The BuyerAgent contract tracks rounds and phases using the getRoundPhase() function.

Finding Description

The getRoundPhase() function in BuyerAgent has a critical flaw in how it handles market parameter updates. When new market parameters are pushed to the Swan contract, all buyer agents effectively have their phases reset to the Sell phase, as the function treats this as the start of a new round based on the new market parameters' timestamp.

The root cause is in how the final phase calculation is done in getRoundPhase(). When computing the current phase for the latest market parameters, it uses the timestamp difference from the new parameters, effectively resetting the phase timing:

// for last element we need to compute current phase and timeRemaining according
// to the elapsedTime at the last iteration, where we need to compute from the block.timestamp:
// createdAt | ... | ... | VVV -|- block.timestamp
@> (uint256 lastRound, Phase phase, uint256 timeRemaining) =
_computePhase(marketParams[idx], block.timestamp - marketParams[idx].timestamp);
// accumulate the last round as well, along with a single offset round
round += lastRound + 1;

This creates a scenario where sellers can pay royalty fees to list assets to a buyer agent during the Sell phase, but if market parameters are updated before the Buy phase begins, the round effectively ends prematurely. The buyer agent never gets the opportunity to purchase the listed assets, and the sellers lose their royalty fees without any possibility of a sale.

Impact Explanation

Medium. This issue directly causes financial loss to sellers who pay royalty fees but lose the opportunity to sell their assets due to the premature round termination. The impact is amplified because:

  1. Sellers have no way to predict or prevent this situation

  2. The lost royalty fees cannot be recovered

  3. This affects all buyer agents system-wide when parameters are updated

Likelihood Explanation

Medium. While market parameter updates may not be frequent, when they do occur, this issue will affect all sellers who listed assets during the Sell phase immediately preceding the update. The likelihood increases with:

  1. More frequent market parameter updates

  2. Higher number of active buyer agents

  3. Higher volume of listings near parameter update times

Proof of Concept

  1. Alice lists an asset to BuyerAgent1 during Sell phase, paying 5% royalty fee

  2. Before Buy phase begins, Swan admin updates market parameters

  3. getRoundPhase() treats this as a new round starting with Sell phase

  4. BuyerAgent1 never enters Buy phase for the previous round

  5. Alice's asset is never purchasable in the round associated and her royalty fee is lost

Recommendation

The protocol could implement a refund mechanism to reimburse sellers who lose royalty fees due to market parameter updates.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

m4k2xmk Submitter
8 months ago
inallhonesty Lead Judge
8 months ago
inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.