code-423n4 / 2022-07-swivel-findings

validation check on allowed amount wrong in withdraw function #22

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L112

Vulnerability details

validation check on allowed amount wrong in withdraw function

description

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L112

the validation check if (allowed >= previewAmount) is incorrect as allowed should be greater than previewAmount

this will make withdraw always revert when using an allowance

if allowed < previewAmount the next line will revert

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Creator/ZcToken.sol#L115

recommendation

change the if statement to require
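
Added example, not part of the original report and not the ZcToken source: a constructed Solidity sketch of the allowance branch the report describes, with the reported comparison beside a corrected one. It assumes the `if` body reverts and that Solidity 0.8 checked arithmetic applies; the contract, function and error names are hypothetical, only `allowed` and `previewAmount` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: checked arithmetic (0.8+)

/// Constructed sketch of the allowance branch described in the report.
/// Hypothetical names throughout, except `allowed` and `previewAmount`.
contract AllowanceCheckSketch {
    // Hypothetical error; the project's own error type is not shown on the page.
    error InsufficientAllowance(uint256 allowed, uint256 needed);

    // owner => spender => remaining allowance
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    /// Comparison as quoted in the report.
    /// Case 1: allowed >= previewAmount -> the guard itself reverts.
    /// Case 2: allowed <  previewAmount -> the guard passes, then the checked
    ///         subtraction underflows and reverts.
    /// No input reaches the end of this function.
    function spendAsReported(address owner, uint256 previewAmount) external {
        uint256 allowed = allowance[owner][msg.sender];
        if (allowed >= previewAmount) {
            revert InsufficientAllowance(allowed, previewAmount);
        }
        allowance[owner][msg.sender] -= previewAmount;
    }

    /// Corrected comparison: revert only when the allowance is too small,
    /// so the subtraction that follows can never underflow.
    function spendCorrected(address owner, uint256 previewAmount) external {
        uint256 allowed = allowance[owner][msg.sender];
        if (allowed < previewAmount) {
            revert InsufficientAllowance(allowed, previewAmount);
        }
        allowance[owner][msg.sender] = allowed - previewAmount;
    }
}
```

A unit test for this branch should cover three allowances (below, equal to, and above `previewAmount`) and assert that only the first reverts.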

JTraversa commented 2 years ago

Duplicate of #129

bghughes commented 2 years ago

Duplicate of #129