code-423n4 / 2022-07-swivel-findings


IF A SINGLE ORDER FAILS, THE WHOLE FUNCTION REVERTS #191

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/Erc20.sol#L78-L84

Vulnerability details

Impact

If a single order of the orders array fails, the whole function (initiate or exit) reverts with no information about which was the vulnerable order; the only information given is an Exception with a code of 5.

Proof of Concept

https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L82-L104

https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L244-L273

Tools Used

editor

Recommended Mitigation Steps

Add a try-catch block on each call in the initiate and exit functions. In the catch block, return the index of the vulnerable index: return i.
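A sketch of the per-order try/catch recommended above, added here as an illustration and not taken from the Swivel code base or from the submission. This variant reverts with the failing index instead of returning it, so fills made earlier in the batch are not committed. The contract name, the Order struct, the events, the error and every function name are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration; BatchFiller, Order and _fill are hypothetical names, not Swivel's code.
contract BatchFiller {
    struct Order { address maker; uint256 amount; }

    /// Carries the position of the failing order and the original revert data.
    error OrderFailed(uint256 index, bytes reason);

    event Filled(address indexed maker, address indexed taker, uint256 amount);

    /// Still all-or-nothing, but the revert now names the order that failed.
    function fillAll(Order[] calldata orders, uint256[] calldata amounts) external {
        require(orders.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < orders.length; i++) {
            // try/catch only wraps external calls, hence the self-call through `this`.
            try this.fillOne(orders[i], amounts[i], msg.sender) {
                // order i succeeded; continue with the next one
            } catch (bytes memory reason) {
                // Catches require strings, custom errors and panics alike.
                revert OrderFailed(i, reason);
            }
        }
    }

    /// Self-call target. msg.sender is this contract here, so the real
    /// caller is passed explicitly and outside callers are rejected.
    function fillOne(Order calldata order, uint256 amount, address taker) external {
        require(msg.sender == address(this), "self-call only");
        _fill(order, amount, taker);
    }

    /// Placeholder for the per-order logic (validation, accounting, transfers).
    function _fill(Order calldata order, uint256 amount, address taker) internal {
        require(amount <= order.amount, "amount exceeds order");
        emit Filled(order.maker, taker, amount);
    }
}
```

Each self-call adds gas per order, and any per-order logic that reads msg.sender has to use the passed-in taker address instead.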

JTraversa commented 2 years ago

Duplicate of #101

bghughes commented 2 years ago

Duplicate of #101