code-423n4 / 2022-07-swivel-findings


ZcToken.withdraw() and ZcToken.redeem() will always revert when msg.sender != holder. #114

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L112-L114
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L133

Vulnerability details

Impact

ZcToken.withdraw() and ZcToken.redeem() will always revert when msg.sender != holder.

These 2 functions will work only when users withdraw/redeem from their balances.

Proof of Concept

When we check the allowance here, it reverts when the allowance is greater than the required amount.

if (allowed >= previewAmount) {
    revert Approvals(allowed, previewAmount);
}

Tools Used

Solidity Visual Developer of VSCode

Recommended Mitigation Steps

We should fix it as shown below in 2 parts, here and here.

if (allowed < previewAmount) {
    revert Approvals(allowed, previewAmount);
}
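
Why the reported comparison leaves no working delegated path, as an added Python model that is not part of the original report or Swivel's code. It assumes the allowance is decremented with Solidity 0.8 checked arithmetic right after the guard (that line is not shown on this page); the function names and sample values are constructed.

```python
UINT256_MAX = 2**256 - 1
# Constructed sample values: zero, small amounts and the uint256 maximum.
SAMPLE = [0, 1, 5, 10, UINT256_MAX]


class Revert(Exception):
    """Stands in for an EVM revert; the message names the cause."""


def spend_allowance(allowed, preview_amount, guard):
    """Model the msg.sender != holder branch; return the remaining allowance.

    guard="reported": the comparison quoted in the report.
    guard="fixed": the comparison from the recommended mitigation.
    """
    if guard == "reported":
        rejected = allowed >= preview_amount
    elif guard == "fixed":
        rejected = allowed < preview_amount
    else:
        raise ValueError(f"unknown guard: {guard}")
    if rejected:
        raise Revert("Approvals")
    # Assumption (not shown on the page): the allowance is decremented next
    # with Solidity 0.8 checked arithmetic, so underflow panics with 0x11.
    if allowed < preview_amount:
        raise Revert("Panic(0x11)")
    return allowed - preview_amount


def outcomes(guard, values=SAMPLE):
    """Map every (allowed, amount) pair to 'ok' or the revert cause."""
    result = {}
    for allowed in values:
        for amount in values:
            try:
                spend_allowance(allowed, amount, guard)
                result[(allowed, amount)] = "ok"
            except Revert as exc:
                result[(allowed, amount)] = str(exc)
    return result


if __name__ == "__main__":
    for guard in ("reported", "fixed"):
        res = outcomes(guard)
        passed = sum(1 for cause in res.values() if cause == "ok")
        print(f"{guard}: {passed} of {len(res)} delegated calls succeed")
```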

JTraversa commented 2 years ago

Duplicate of #129

robrobbins commented 2 years ago

Duplicate of #180. Resolved there

bghughes commented 2 years ago

Duplicate of #129