Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: high
Invalid

In `Swan.sol`, the old `buyerFee` must be returned to the seller when the `relist` function is called, since the item was not sold.

Vulnerability Details

When the `Swan::list` function is called, a `royaltyFee` percentage of the total asset price is transferred as `buyerFee` from the seller to the Swan contract by the call to `transferRoyalties` in `list`.
But when the seller relists that same asset because it has not been sold yet, `buyerFee` is transferred from the seller's account again, while the old `buyerFee` that was transferred at the time of listing is not returned to the seller. Even though the asset was not sold previously, the fee is taken from the seller unnecessarily, which is an extra deduction from the seller's account.

relist function

```solidity
// add this to list of listings for the buyer for this round
assetsPerBuyerRound[_buyer][round].push(_asset);
// transfer royalties
transferRoyalties(listings[_asset]);
emit AssetRelisted(msg.sender, _buyer, _asset, _price);
```

transferRoyalties

```solidity
function transferRoyalties(AssetListing storage asset) internal {
    // calculate fees
    uint256 buyerFee = (asset.price * asset.royaltyFee) / 100;
    uint256 driaFee = (buyerFee * getCurrentMarketParameters().platformFee) / 100;
    // first, Swan receives the entire fee from seller
    // this allows only one approval from the seller's side
    token.transferFrom(asset.seller, address(this), buyerFee);
```

list

Impact

Extra fees are cut from the seller's account when they want to relist the asset.

Recommendation

At the time of relisting, first return to the seller the old `buyerFee` that was collected at the time of listing, and then transfer the new fee from the seller.
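The fee flow described in this submission, as an added off-chain Python model (not part of the submission and not Swan's code): it compares what the seller pays when every `relist` charges a fresh `buyerFee` with what they would pay under the recommended refund-then-charge order. The class and function names are hypothetical, the prices and the 5% royalty are constructed, and the model stops at the transfer into Swan, where the page's excerpt ends, so the refund variant assumes the old fee is still available to return.

```python
from dataclasses import dataclass


@dataclass
class Listing:
    seller: str
    price: int          # token base units
    royalty_fee: int    # percent, mirrors asset.royaltyFee
    fee_paid: int = 0   # buyerFee charged by the most recent (re)listing


class SwanFeeModel:
    """Hypothetical model of the seller-side fee flow; not Swan's contract code."""

    def __init__(self, balances, refund_on_relist=False):
        self.balances = dict(balances)            # seller -> token balance
        self.held_fees = 0                        # fees pulled into the contract
        self.refund_on_relist = refund_on_relist  # True = submission's recommendation
        self.listings = {}

    def _transfer_royalties(self, asset):
        # Same truncating integer arithmetic as (asset.price * asset.royaltyFee) / 100
        buyer_fee = (asset.price * asset.royalty_fee) // 100
        if self.balances[asset.seller] < buyer_fee:
            raise ValueError("transferFrom would revert: insufficient balance")
        self.balances[asset.seller] -= buyer_fee
        self.held_fees += buyer_fee
        asset.fee_paid = buyer_fee

    def list(self, asset_id, seller, price, royalty_fee):
        self.listings[asset_id] = Listing(seller, price, royalty_fee)
        self._transfer_royalties(self.listings[asset_id])

    def relist(self, asset_id, new_price):
        asset = self.listings[asset_id]
        if self.refund_on_relist:
            # Recommended order: return the old fee, then charge the new one
            self.balances[asset.seller] += asset.fee_paid
            self.held_fees -= asset.fee_paid
        asset.price = new_price
        self._transfer_royalties(asset)


def seller_cost(refund_on_relist, relist_prices, start=1_000_000):
    """Total fees paid by one seller who lists at 10_000 (5%) and then relists."""
    model = SwanFeeModel({"seller": start}, refund_on_relist)
    model.list("asset", "seller", price=10_000, royalty_fee=5)
    for price in relist_prices:
        model.relist("asset", price)
    return start - model.balances["seller"]
```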

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
