Open code423n4 opened 2 years ago
This would rely on the zcTokens themselves to sit on address(0) right?
So the big thing would be that whatever burn implementation the token uses must actually remove the tokens from the supply rather than sending them to address(0). (which this implementation does)
That said, its clear the statement wasnt as intended (or that block would have been removed).
This would rely on the zcTokens themselves to sit on address(0) right?
So the big thing would be that whatever burn implementation the token uses must actually remove the tokens from the supply rather than sending them to address(0). (which this implementation does)
That said, its clear the statement wasnt as intended (or that block would have been removed).
- With scope questions this should probably be low-med or disputed?
It's an interesting scope question as it questions a dependency - that said, this sort of low-level dependency, if used throughout the protocol, could jeopardize funds in a vault and break ERC-20 assumptions. I think the issue should stand given the risk.
Yea agreed.
That said I'm more emphasizing the other part for the severity claim?:
So the big thing would be that whatever burn implementation the token uses must actually remove the tokens from the supply rather than sending them to address(0). (which this implementation does)
Though I think we are ameliorating this anyways, the issue would only arise if somehow address(0) was broken, as discussed by the warden himself in this twitter thread: https://twitter.com/devtooligan/status/1554709426652688384
Given the current implementation does not send these tokens to address(0) to burn them I think this should be downgraded to medium severity.
The "external requirement" would be someone / some protocol trying to burn tokens be sending them to address(0) instead of calling burn.
I don't see a direct attack path given the current implementation but do think this is above QA, med seems right.
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Tokens/Erc20.sol#L165-L167
Vulnerability details
Impact
When creating ERC20.sol from Solmate, a
require()
inpermit()
was converted to a custom error incorrectly.It now reads:
So if the
recoveredAddress
is non-zero and therecoveredAddress
is notowner
it will error. But if therecoveredAddress == 0x0
then it will pass this check.Anyone can permit themselves as a
spender
using the zero address for any token which inherits this ERC20 implementation. So, for example, someone could redeem some zcTokens for underlying, then transfer the burned tokens back to themselves and repeat, draining the protocol.Proof of Concept
Recommended Mitigation Steps