Swivel v3 contest - arcoun's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 54/78

Findings: 1

Award: $48.55

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
duplicate
2 (Med Risk)

Awards

48.5491 USDC - $48.55

External Links

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Tokens/ZcToken.sol#L111-L114 https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Tokens/ZcToken.sol#L132-L133

Vulnerability details

Impact / Description

In the ZcToken contract, the withdraw() and redeem() methods both support being called from another account that has an appropriate allowance set, but these functions fail to validate that allowance correctly.

The problem is the condition (allowed >= amount) to decide if the Approvals error must be raised. The condition should be the opposite, (allowed < amount).

These methods will always revert when called from another account: the Approvals error is raised when the caller has a sufficient allowance, while Solidity's checked arithmetic will hopefully protect the contract when the call is made with an insufficient allowance.

The conditions to raise the Approvals error must be changed to use '<' instead of '>='.

Additional note

Allowances in the inherited Erc20 contract support type(uint256).max as a special "permanent" allowance. The withdraw() and redeem() methods should also support this special value for consistency.
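The inverted check and its corrected form side by side, as an added illustration for this finding and the additional note (constructed example, not the code of ZcToken.sol; the contract layout, the decrement of the allowance after the check, and the Approvals error signature are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed stand-in for the allowance check described in the finding.
// Only the names Approvals, allowance and withdraw follow the page; the
// surrounding contract is hypothetical and is not ZcToken.sol.
contract AllowanceCheckExample {
    error Approvals(uint256 allowed, uint256 amount);

    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000; }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // Before: the inverted condition. A spender with a sufficient allowance
    // hits the Approvals revert; one with an insufficient allowance falls
    // through to the subtraction, which reverts only because 0.8.x checked
    // arithmetic catches the underflow. Every third-party call reverts.
    function withdrawBuggy(uint256 amount, address holder) external returns (uint256) {
        if (msg.sender != holder) {
            uint256 allowed = allowance[holder][msg.sender];
            if (allowed >= amount) revert Approvals(allowed, amount); // inverted
            allowance[holder][msg.sender] = allowed - amount;        // underflows
        }
        balanceOf[holder] -= amount;
        return amount;
    }

    // After: revert only when the allowance is too small, and treat
    // type(uint256).max as a permanent allowance that is never decremented,
    // matching the Erc20 behaviour the additional note asks for.
    function withdrawFixed(uint256 amount, address holder) external returns (uint256) {
        if (msg.sender != holder) {
            uint256 allowed = allowance[holder][msg.sender];
            if (allowed < amount) revert Approvals(allowed, amount);
            if (allowed != type(uint256).max) {
                allowance[holder][msg.sender] = allowed - amount;
            }
        }
        balanceOf[holder] -= amount;
        return amount;
    }
}
```

A unit test that approves a spender for 100 and calls withdrawBuggy(50, holder) from that spender should observe the Approvals revert; the same call against withdrawFixed succeeds and leaves an allowance of 50.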

#0 - JTraversa

2022-07-20T07:24:33Z

Duplicate of #129

#1 - bghughes

2022-07-31T19:40:35Z

Duplicate of #129
