Open code423n4 opened 2 years ago
Why would the approve fail? Are you talking overflow / underflow? Seems unlikely.
Even if it did, I believe we want all or nothing. An if around it would possibly put the end state into some partial success weirdness.
Low
Admin can accidentally be set to an invalid address, resulting in loss of control of the Swivel contract.
The current admin of the swivel contract can accidentally transfer ownership to an invalid address.
Recommended mitigation:
There is 1 instance of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L427-L432
approveUnderlying reverts prematurely after encountering the first unapproved underlying token
The function approveUnderlying reverts prematurely when the for-loop encounters the first unapproved underlying token when bulk-approving compound token. This makes the approveUnderlying function useless if there are any unapproved underlying tokens.
Low severity as this function is for convenience, and the same operations can be performed using other contract functions.
Recommended mitigation:
if statement to run lines 560-565 when the underlying token is approved, otherwise do nothing.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L552-L566
Non-critical
Incorrect comments
There are 2 instances of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L482-L483
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L531-L533