Swivel v3 contest - Franfran's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Researcher Performance

Rank: 2/78

Findings: 1

Award: $3,352.01

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: scaraven

Also found by: Franfran

Labels

bug
duplicate
3 (High Risk)

Awards

3352.0128 USDC - $3,352.01

External Links

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L742

Vulnerability details

Impact

The Swivel contract uses the redeemUnderlying() function of Compound's CERC20 tokens. This function takes as input the amount of underlying tokens to be redeemed, which is inconsistent with how the other functions are called. This issue will lead to user fund losses every time a user wants to withdraw from a Compound CERC20 token.

Proof of Concept

Image ipfs://bafkreidpiet5fhn5hzxniyakqsxexbvr3pft4ypelfvgqlbj2ly7byjvui

As you can see, the withdraw() function takes the amount of Compound tokens (cTokens) as input and passes it to redeemUnderlying(), which expects the amount of underlying tokens to receive (not the amount of cTokens).

Tools Used

Pycharm

Instead of calling redeemUnderlying(), redeem() should be called, which takes the amount of cTokens as input.
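To make the difference between the two paths concrete, here is an added example (not from the report or from Swivel's code) that models Compound's CToken redemption arithmetic from CToken.redeemFresh and feeds the same cToken amount into both calls; the exchange rate, decimals and balances are constructed and the withdraw helpers are hypothetical.

```python
# Added example: toy model of Compound's two redeem paths, using the
# redeemFresh formulas (redeemAmount = tokens * exchangeRate / 1e18 and
# redeemTokens = amount * 1e18 / exchangeRate). Values are constructed.

EXP_SCALE = 10**18          # Compound's 1e18 fixed-point scale
CTOKEN_DECIMALS = 8         # cTokens such as cDAI have 8 decimals
UNDERLYING_DECIMALS = 18    # underlying such as DAI has 18 decimals


class CToken:
    """Toy cToken tracking one holder's balance at a fixed exchange rate."""

    def __init__(self, exchange_rate_mantissa, balance):
        self.exchange_rate = exchange_rate_mantissa  # underlying per cToken, 1e18-scaled
        self.balance = balance                       # holder's cToken units

    def redeem(self, redeem_tokens):
        """Burn `redeem_tokens` cTokens; return the underlying paid out."""
        redeem_amount = redeem_tokens * self.exchange_rate // EXP_SCALE
        if redeem_tokens > self.balance:
            raise ValueError("INSUFFICIENT_BALANCE")
        self.balance -= redeem_tokens
        return redeem_amount

    def redeem_underlying(self, redeem_amount):
        """Burn enough cTokens to pay out `redeem_amount` underlying."""
        redeem_tokens = redeem_amount * EXP_SCALE // self.exchange_rate
        if redeem_tokens > self.balance:
            raise ValueError("INSUFFICIENT_BALANCE")
        self.balance -= redeem_tokens
        return redeem_amount


def withdraw_buggy(ctoken, ctoken_amount):
    """Pattern flagged in the report: a cToken amount handed to redeemUnderlying()."""
    return ctoken.redeem_underlying(ctoken_amount)


def withdraw_fixed(ctoken, ctoken_amount):
    """Suggested fix: redeem() takes the cToken amount directly."""
    return ctoken.redeem(ctoken_amount)


def compare(ctoken_amount=100 * 10**CTOKEN_DECIMALS, exchange_rate=2 * 10**26):
    """Return (underlying out buggy, underlying out fixed, burned buggy, burned fixed).
    Constructed rate 2e26 means 1 cToken is worth 0.02 underlying."""
    buggy, fixed = CToken(exchange_rate, ctoken_amount), CToken(exchange_rate, ctoken_amount)
    out_buggy, out_fixed = withdraw_buggy(buggy, ctoken_amount), withdraw_fixed(fixed, ctoken_amount)
    return out_buggy, out_fixed, ctoken_amount - buggy.balance, ctoken_amount - fixed.balance


if __name__ == "__main__":
    b, f, burned_b, burned_f = compare()
    print(f"redeemUnderlying(cTokens): {b / 10**UNDERLYING_DECIMALS} underlying out, {burned_b} cToken units burned")
    print(f"redeem(cTokens):           {f / 10**UNDERLYING_DECIMALS} underlying out, {burned_f} cToken units burned")
```

With 100 cTokens (1e10 units) the buggy path pays out 1e10 wei of underlying and burns only 50 cToken units, while redeem() pays out the full 2 underlying and burns all 1e10 units.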

#0 - JTraversa

2022-07-18T23:43:17Z

Duplicate of #43

#1 - bghughes

2022-08-04T23:10:19Z

Duplicate of #43
