Closed code423n4 closed 2 years ago
Dup of https://github.com/code-423n4/2022-07-swivel-findings/issues/186
Dup of #87
Duplicate of #39
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Marketplace/Interfaces.sol#L52
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Swivel.sol#L620
Vulnerability details
Impact
ZcToken.withdraw() and ZcToken.redeem() will always revert because Swivel.sol doesn't contain an authRedeem() function.
Proof of Concept
ZcToken.withdraw() and ZcToken.redeem() call MarketPlace.authRedeem() and ISwivel(swivel).authRedeem isn't implemented. I think Swivel.authRedeemZcToken() is for this option but the function names are different.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend changing Swivel.authRedeemZcToken() into Swivel.authRedeem().
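Added example, not part of the original report or the Swivel code base: a check that catches this class of mismatch before deployment by comparing the canonical signatures an interface declares against those the target contract implements. An external call dispatches on the selector derived from that signature, so a name mismatch with no fallback function reverts. The Solidity snippets are constructed and their parameter lists are assumptions; only the two function names come from the report.

```python
import re

# Constructed Solidity snippets. Only the names authRedeem and
# authRedeemZcToken come from the report; the parameter lists are assumed.
INTERFACE_SRC = """
interface ISwivel {
    // what MarketPlace calls
    function authRedeem(uint8 p, address u, address c, address t, uint a) external returns (bool);
}
"""
IMPL_SRC = """
contract Swivel {
    /* what Swivel actually exposes */
    function authRedeemZcToken(uint8 p, address u, address c, address t, uint256 a)
        external returns (bool) { return true; }
}
"""
# The recommended mitigation applied to the constructed implementation.
FIXED_SRC = IMPL_SRC.replace("authRedeemZcToken", "authRedeem")

FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)")
ALIASES = {"uint": "uint256", "int": "int256"}  # ABI canonical type names

def strip_comments(source):
    """Remove block and line comments so commented-out functions are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)
    return re.sub(r"//[^\n]*", "", source)

def signatures(source):
    """Canonical name(type,...) strings for every declared function."""
    sigs = set()
    for name, params in FUNC_RE.findall(strip_comments(source)):
        types = [p.split()[0] for p in params.split(",") if p.strip()]
        sigs.add(f"{name}({','.join(ALIASES.get(t, t) for t in types)})")
    return sigs

def missing_from_impl(interface_src, impl_src):
    """Interface functions with no same-signature function in the implementation."""
    return sorted(signatures(interface_src) - signatures(impl_src))

if __name__ == "__main__":
    print("before fix:", missing_from_impl(INTERFACE_SRC, IMPL_SRC))
    print("after fix: ", missing_from_impl(INTERFACE_SRC, FIXED_SRC))
```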