search

code-423n4 / 2022-07-swivel-findings

0 stars 1 forks source link

ISwivel.authRedeem() doesn't have an implementation in Swivel.sol #151

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Marketplace/Interfaces.sol#L52 https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Swivel.sol#L620

Vulnerability details

Impact

ZcToken.withdraw() and ZcToken.redeem() will always revert because Swivel.sol doesn't contain authRedeem() function.

Proof of Concept

ZcToken.withdraw() and ZcToken.redeem() call MarketPlace.authRedeem() and ISwivel(swivel).authRedeem isn't implemented. I think Swivel.authRedeemZcToken() is for this option but function names are different.

Tools Used

Manual Review

Recommended Mitigation Steps

Recommend changing Swivel.authRedeemZcToken() into Swivel.authRedeem().

ghost commented 2 years ago

Dup of https://github.com/code-423n4/2022-07-swivel-findings/issues/186

Picodes commented 2 years ago

Dup of #87

JTraversa commented 2 years ago

Duplicate of #39

bghughes commented 2 years ago

Duplicate of #39