Back to Lambda's contests

Swivel v3 contest - Lambda's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 53/78

Findings: 1

Award: $48.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositorySwivel

Findings Information

🌟 Selected for report: 0xDjango

Also found by: 0x1f8b, 8olidity, Bahurum, Lambda, arcoun, caventa, csanuragjain, hansfriese, joestakey, jonatascm, oyc_109, ronnyx2017

Labels

bug
duplicate
2 (Med Risk)

Awards

48.5491 USDC - $48.55

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/67c6900222cc4045d7fe2227a1ea73e0251374ed/Creator/ZcToken.sol#L112 https://github.com/code-423n4/2022-07-swivel/blob/67c6900222cc4045d7fe2227a1ea73e0251374ed/Creator/ZcToken.sol#L133

Vulnerability details

Impact

withdraw and redeem currently revert when the allowance is larger than the requested amount. However, this should be the other way around. Therefore, the methods do not work with allowances, as in the case allowed < previewAmount (or allowed < principalAmount), the subtraction of the allowance will revert.

Change the checks to allowed < previewAmount / allowed < principalAmount.

#0 - JTraversa

2022-07-20T07:29:42Z

Duplicate of #129

#1 - bghughes

2022-08-03T01:45:20Z

Duplicate of #129

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter