Incorrect check in `ZcToken.withdraw` and `ZcToken.redeem` leads to underlying tokens not being able to be transferred

[code423n4]

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L112-L115 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Creator/ZcToken.sol#L133-L134

Vulnerability details

Incorrect check in ZcToken.withdraw and ZcToken.redeem leads to underlying tokens not being able to be transferred

In both ZcToken.withdraw and ZcToken.redeem, in the case where holder != msg.sender, a check of the msg.sender's ZcToken allowance is performed. But the functions revert if the allowance is larger than the amount of tokens being redeemed. So the call only goes to the next step if allowance[holder][msg.sender] < principalAmount, which would then make the following line revert. In conclusion, the functions will always revert in this case, meaning an approved caller will never be able to redeem the desired amount of underlying tokens.

Impact

High

Mitigation

Change the allowance checks:

-112:             if (allowed >= previewAmount) {
+112:             if (allowed < previewAmount) {
113:                 revert Approvals(allowed, previewAmount);
114:             }

-133:             if (allowed >= principalAmount) { revert Approvals(allowed, principalAmount); }
+133:             if (allowed < principalAmount) { revert Approvals(allowed, principalAmount); } 

[JTraversa]

Duplicate of #129

[robrobbins]

addressed here: https://github.com/Swivel-Finance/gost/pull/409