Closed code423n4 closed 2 years ago
JTraversa
commented
2 years ago I'd consider this admin input sanitization although there may be marginally more centralization risk involved here?
https://github.com/code-423n4/2022-07-swivel#admin-privileges
bghughes
commented
2 years ago I'd consider this admin input sanitization although there may be marginally more centralization risk involved here?
https://github.com/code-423n4/2022-07-swivel#admin-privileges
I agree, this is a nice sanity check to have in place at the admin level but is not Medium Risk IMO. Downgrading to QA
bghughes
commented
2 years ago Grouping this with the warden’s QA report, #92
0xean
commented
2 years ago wardens report is #89
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L30-L44
Vulnerability details
Impact
There is no check when create market. If create with same token, It will create same ZcToken and VaultTraker with different address.
Proof of Concept
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/Creator.sol#L30-L44
In create, trust all input and just create ZcToken and VaultTraker.
Tools Used
VS Code
Recommended Mitigation Steps
If there is same market exist must revert.