Closed code423n4 closed 2 years ago
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L112-L114
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L133
Vulnerability details
Impact
ZcToken.withdraw() and ZcToken.redeem() will always revert when msg.sender != holder.
These 2 functions will work only when users withdraw/redeem from their balances.
Proof of Concept
When we check the allowance here, it reverts when the allowance is greater than the required amount.
```solidity
// Check as quoted from the linked lines of ZcToken.sol
if (allowed >= previewAmount) {
    revert Approvals(allowed, previewAmount);
}
```
Tools Used
Solidity Visual Developer of VSCode
Recommended Mitigation Steps
We should fix it like below in 2 parts, here and here.
```solidity
// Recommended check: revert only when the allowance is insufficient
if (allowed < previewAmount) {
    revert Approvals(allowed, previewAmount);
}
```
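The two comparisons side by side, as an added example that is not part of the original report or of Swivel's code. The contract `AllowanceCheckDemo` and its functions `approve`, `spendInverted` and `spendFixed` are hypothetical, and the allowance decrement after the check is an assumption about the surrounding code, which the report does not quote.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; not the Swivel ZcToken source. All names are hypothetical.
contract AllowanceCheckDemo {
    error Approvals(uint256 approved, uint256 amount);

    // allowance[holder][spender]
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Comparison as quoted in the report.
    function spendInverted(address holder, uint256 previewAmount) external returns (uint256) {
        uint256 allowed = allowance[holder][msg.sender];
        // Reverts exactly when the spender IS sufficiently approved.
        if (allowed >= previewAmount) {
            revert Approvals(allowed, previewAmount);
        }
        // Assumption: the allowance is decremented after the check.
        // This line is reached only when allowed < previewAmount, so checked
        // arithmetic (Solidity >= 0.8) reverts here with Panic(0x11).
        allowance[holder][msg.sender] = allowed - previewAmount;
        return previewAmount;
    }

    // Comparison as recommended in the report.
    function spendFixed(address holder, uint256 previewAmount) external returns (uint256) {
        uint256 allowed = allowance[holder][msg.sender];
        // Reverts only when the approval does not cover the amount.
        if (allowed < previewAmount) {
            revert Approvals(allowed, previewAmount);
        }
        allowance[holder][msg.sender] = allowed - previewAmount;
        return previewAmount;
    }
}
```

Under those assumptions `spendInverted` has no input for which it succeeds, while `spendFixed` succeeds for any amount up to the approved allowance and reduces the allowance by that amount.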
Duplicate of #129
Duplicate of #180. Resolved there