Dria

Swan

NFTHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Analysis of _computePhase Function and Phase Interval Adjustments in BuyerAgent Contract

newspacexyz

Summary

The _computePhase function in the BuyerAgent contract is designed to manage the lifecycle of buying assets by defining three phases in a cycle: Sell, Buy, and Withdraw. The function calculates the current phase based on elapsed time and the interval parameters (sellInterval, buyInterval, and withdrawInterval). The existing implementation causes the Sell phase to extend by 1 unit and the Withdraw phase to reduce by 1 unit due to the use of <= in the Sell phase check. This audit identifies the impact of this discrepancy and recommends code adjustments to align phase durations with specified intervals.

Vulnerability Details

Phase Timing Discrepancy:
- Sell Phase Extension: The Sell phase lasts for params.sellInterval + 1 units due to the <= condition, allowing users more time in this phase than intended.
- Withdraw Phase Reduction: The Withdraw phase is shortened by 1 unit because it starts immediately after the Buy phase ends, accounting for the extra unit in the Sell phase.
Potential Timing Inconsistencies:
- These timing discrepancies may impact user interactions or the contract's performance if phase-specific actions are dependent on exact timing. For example, users might expect consistent durations for each phase and could be affected by the extended Sell and reduced Withdraw durations.

Impact

The impact of the Sell interval extension and Withdraw interval reduction includes:

User Confusion: Users may find it challenging to plan actions if they rely on the specified durations and the contract behavior deviates from expectations.
Operational Risks: If external systems or functions depend on precise timing for each phase, the unintended phase duration changes could disrupt or delay these processes.

Tools Used

Recommendations

To ensure that each phase duration aligns with its specified interval:

Update the Sell Interval Check:
- Replace the <= condition with < to ensure the Sell phase duration is precisely params.sellInterval.

- if (roundTime <= params.sellInterval) {

+ if (roundTime < params.sellInterval) {

return (round, Phase.Sell, params.sellInterval - roundTime);

} else if (roundTime < params.sellInterval + params.buyInterval) {

return (round, Phase.Buy, params.sellInterval + params.buyInterval - roundTime);

} else {

return (round, Phase.Withdraw, cycleTime - roundTime);

}

Retest Phase Transitions:

After modifying the code, test the phase transitions thoroughly to verify that each phase duration matches the expected intervals. This should include testing different elapsed times and edge cases to confirm phase boundary behavior.

Documentation Update:

Update any documentation to reflect these changes and clarify the expected durations for each phase to ensure users are aware of the contract's behavior.

Conclusion: Implementing these recommendations will correct the timing discrepancies in the _computePhase function, ensuring consistent durations for each phase as specified by sellInterval, buyInterval, and withdrawInterval.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Phase timing in `_computePhase`

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,034

20 USDC / LOC

High Medium

20,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.