Closed code423n4 closed 2 years ago
I am not 100% sure what this issue is trying to say but my interpretation is that the issue notices the wrong sign for >=
when calculating allowances though the market conditions argument is very shaky. If most of this argument is ignored and the core issue is left then this is essentially a duplicate of #180
I dont think thats what the report here is, and instead its a discussion around the precision accuracy when exchangeRates are high/low and the amounts are low.
That said I'm disputing given:
I agree that this would have been better off as a duplicate of #180 and that this precision claim is esoteric @scaraven @JTraversa.
Moreover, warden I find your argument and math here hard to follow and it uses a ton of arbitrary hard-coded, 1 wei values which seem highly unlikely / impossible to ever occur. Gonna downgrade this to QA as it feels like an edge case and #180 got the real issue here IMO.
Grouping this with the warden’s QA report, #104
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/67c6900222cc4045d7fe2227a1ea73e0251374ed/Creator/ZcToken.sol#L115
Vulnerability details
details
if previewAmount is large number but holder only gives a certian amount to msg.sender then msg.sender cant withdraw there tokens
previewAmount
is below caluclatedproof of concept
all this depends on market conditions or an attacker can effect market conditions before that makes this possible but in any case this is possible and cause users tyring to withdraw there tokens/allowance to get reverted and it will cause there tokens to get stuck in the contract until market conditions are better. ex:
and the function will revert so if maturityRate is down and exchage rate is down for that token then this grefing is very possible.
Recommended Mitigation Steps
only allow the allowacne to get withdrawed ex: alllowed == preivewAmount { previeeAmount=allowed then withdraw that } if allowed is less then previewAmount revert because there is not engough to revert in this case just make allowed=preivemamount so just incase a users can withdraw with there allowance.