code-423n4 / 2022-07-swivel-findings


The comparison condition of ZcToken allowance is incorrect #35

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115

https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L132-L134

Vulnerability details

Impact

Can't withdraw or redeem approved zcToken from other addresses.

Proof of Concept

Code in Tokens/ZcToken.sol and Creator/ZcToken.sol:

https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L132-L134

https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115

It should be

if (allowed < principalAmount) { revert ...}

instead of if allowed >= principalAmount and then revert

Tools Used

Recommended Mitigation Steps

JTraversa commented 2 years ago

Duplicate of #129

bghughes commented 2 years ago

Duplicate of #129
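
The inverted comparison from the report next to the corrected one, as an added example that is not part of the original report or the Swivel code base. Every name except `allowed` and `principalAmount` is hypothetical, and the `^0.8.4` pragma (checked arithmetic, custom errors) is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4; // assumed compiler version

// Illustrative contract, not the Swivel ZcToken source.
contract AllowanceCheckDemo {
    // Hypothetical error name.
    error InsufficientAllowance(uint256 allowed, uint256 required);

    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() {
        balanceOf[msg.sender] = 100; // constructed sample balance
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Inverted comparison as described in the report. A sufficient allowance
    // hits the revert. An insufficient one passes the check, after which the
    // checked subtraction underflows and reverts, so no call made on behalf
    // of another holder can succeed.
    function redeemBuggy(uint256 principalAmount, address holder) external {
        if (holder != msg.sender) {
            uint256 allowed = allowance[holder][msg.sender];
            if (allowed >= principalAmount) {
                revert InsufficientAllowance(allowed, principalAmount);
            }
            allowance[holder][msg.sender] = allowed - principalAmount;
        }
        balanceOf[holder] -= principalAmount;
    }

    // Corrected comparison: revert only when the allowance is too small.
    function redeemFixed(uint256 principalAmount, address holder) external {
        if (holder != msg.sender) {
            uint256 allowed = allowance[holder][msg.sender];
            if (allowed < principalAmount) {
                revert InsufficientAllowance(allowed, principalAmount);
            }
            allowance[holder][msg.sender] = allowed - principalAmount;
        }
        balanceOf[holder] -= principalAmount;
    }
}
```

A regression test for this class of bug should cover three delegated cases: allowance above the amount, allowance equal to the amount, and allowance below it. Only the last should revert.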