code-423n4 / 2022-07-swivel-findings


Allowance should always be larger than or equal to the transferred amount #97

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/main/Creator/ZcToken.sol#L111-L115
https://github.com/code-423n4/2022-07-swivel/blob/main/Creator/ZcToken.sol#L132-L134
https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115
https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115

Vulnerability details

Impact

Wrong operators are set.

Proof of Concept

[Line 111 - 115]

if (allowed >= previewAmount) { revert Approvals(allowed, previewAmount);}

should be changed to

if (allowed < previewAmount) { revert Approvals(allowed, previewAmount);}

[Line 132 - 134]

if (allowed >= principalAmount) { revert Approvals(allowed, principalAmount); }

should be changed to

if (allowed < principalAmount) { revert Approvals(allowed, principalAmount); }

Tools Used

Manual

Recommended Mitigation Steps

Using the current code, if allowance < value, the code will revert because of underflow after the subtraction; if allowance >= value, the code will revert because of the if statement, which is not what we want.
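The operator change described in the report above, shown as an added example that is not part of the original submission or the Swivel code base. The contract name `AllowanceCheckDemo` and the functions `approve`, `spendReported` and `spendFixed` are hypothetical; only the `Approvals` check mirrors the quoted lines, and Solidity 0.8 checked arithmetic is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration. Contract and function names are hypothetical;
// only the Approvals check mirrors the lines quoted in the report.
contract AllowanceCheckDemo {
    error Approvals(uint256 approved, uint256 amount);

    // holder => spender => remaining allowance
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Check as reported: reverts whenever the allowance is sufficient.
    // When the allowance is insufficient the check passes, but the checked
    // subtraction (assumed Solidity >= 0.8) then panics with code 0x11,
    // so no combination of allowance and amount can succeed.
    function spendReported(address holder, uint256 amount) external {
        uint256 allowed = allowance[holder][msg.sender];
        if (allowed >= amount) { revert Approvals(allowed, amount); }
        allowance[holder][msg.sender] -= amount;
    }

    // Check as proposed in the report: revert only when the allowance is too small.
    function spendFixed(address holder, uint256 amount) external {
        uint256 allowed = allowance[holder][msg.sender];
        if (allowed < amount) { revert Approvals(allowed, amount); }
        // allowed >= amount is established above, so this cannot underflow.
        allowance[holder][msg.sender] = allowed - amount;
    }
}
```

A regression test for this class of bug should cover both sides of the boundary: a spend with allowance equal to the amount must succeed and leave the allowance at zero, and a spend with allowance one below the amount must revert with `Approvals`.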

scaraven commented 2 years ago

duplicate of #180

JTraversa commented 2 years ago

Duplicate of #129

bghughes commented 2 years ago

Duplicate of #129