Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Changing the market parameters leads to increasing the tx fees and may lead to DoS

Summary

Each time the marketParams is updated, the size of Swan::marketParameters grows, causing the gas costs for BuyerAgent::getRoundPhase (existing BuyerAgent contracts) calculations to increase.

Vulnerability Details

The BuyerAgent::getRoundPhase function calculates the current round inefficiently. It stores only the index of the last element in the Swan::marketParameters array at the time of the contract deployment. For each update to the marketParameters array, the function iterates through all elements added since the contract's deployment to compute the current round. As the array grows, this looping becomes increasingly expensive, posing a risk of excessive gas consumption for users, potentially leading to a denial-of-service (DoS) scenario.

Impact

As the Swan::marketParameters array grows, the cost of calling functions depending on BuyerAgent::getRoundPhase (almost all of the functions in the BuyerAgent contract, including the list and relist functions in Swan.sol) becomes significantly more expensive. This could discourage users from listing with older BuyerAgents due to the high cost of calculating their current round. Eventually, this inefficiency could lead to DoS vulnerabilities for those contracts.

Tools Used

Manual Review

Recommendations

Each time BuyerAgent::getRoundPhase is called, if there's an update in the Swan::marketParameters array, the BuyerAgent contract should account for the changes. A separate non-view function could be introduced to handle these updates and reduce the cost of recalculating rounds on every call.
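A sketch of the checkpointing pattern this recommendation describes, added here as an illustration; it is not code from the submission or from the Swan repository. The `IMarketLog` interface, the contract and all field names are hypothetical, and the round-counting rule at a parameter change is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, NOT the Swan/BuyerAgent source. All names are hypothetical.
interface IMarketLog {
    function paramsLength() external view returns (uint256);
    // Assumed shape: when the set took effect, and the round length under it (> 0).
    function paramsAt(uint256 i) external view returns (uint256 startTime, uint256 roundLength);
}

contract CheckpointedAgent {
    IMarketLog public immutable market;
    uint256 public cpIdx;    // index of the parameter set the checkpoint currently sits on
    uint256 public cpRounds; // rounds completed before parameter set cpIdx took effect
    uint256 public cpStart;  // timestamp from which time under cpIdx is counted

    constructor(IMarketLog _market) {
        market = _market;
        cpIdx = _market.paramsLength() - 1; // reverts if no parameter set exists yet
        cpStart = block.timestamp;
    }

    /// Non-view catch-up: folds at most `maxSteps` newer parameter sets into storage,
    /// so each set is walked once in total and one call can never exceed the gas limit.
    function sync(uint256 maxSteps) external {
        uint256 last = market.paramsLength() - 1;
        (uint256 idx, uint256 rounds, uint256 start) = (cpIdx, cpRounds, cpStart);
        for (uint256 n = 0; idx < last && n < maxSteps; n++) {
            (, uint256 len) = market.paramsAt(idx);
            (uint256 nextStart, ) = market.paramsAt(idx + 1);
            // Assumed semantics: a parameter change closes the running round.
            rounds += (nextStart - start) / len + 1;
            (idx, start) = (idx + 1, nextStart);
        }
        (cpIdx, cpRounds, cpStart) = (idx, rounds, start);
    }

    /// Constant cost regardless of how many parameter sets have ever been pushed.
    function currentRound() external view returns (uint256) {
        require(cpIdx == market.paramsLength() - 1, "stale checkpoint: call sync()");
        (, uint256 len) = market.paramsAt(cpIdx);
        return cpRounds + (block.timestamp - cpStart) / len;
    }
}
```

The trade-off is that an agent behind on updates reverts in `currentRound()` until someone pays for `sync`, but that cost is paid once per parameter change instead of on every read.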

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
