Back to auditor0517's contests

Swivel v3 contest - auditor0517's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 27/78

Findings: 1

Award: $106.88

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositorySwivel

Findings Information

🌟 Selected for report: bin2chen

Also found by: 0x52, 0xDjango, 0xSky, Picodes, auditor0517, rokinot, ronnyx2017, scaraven

Labels

bug
duplicate
2 (Med Risk)
resolved

Awards

106.8838 USDC - $106.88

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Marketplace/Interfaces.sol#L52 https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Swivel.sol#L620

Vulnerability details

Impact

ZcToken.withdraw() and ZcToken.redeem() will always revert because Swivel.sol doesn't contain authRedeem() function.

Proof of Concept

ZcToken.withdraw() and ZcToken.redeem() call MarketPlace.authRedeem() and ISwivel(swivel).authRedeem isn't implemented. I think Swivel.authRedeemZcToken() is for this option but function names are different.

Tools Used

Manual Review

Recommend changing Swivel.authRedeemZcToken() into Swivel.authRedeem().

#0 - 0xlgtm

2022-07-16T05:12:43Z

Dup of https://github.com/code-423n4/2022-07-swivel-findings/issues/186

#1 - Picodes

2022-07-16T08:46:33Z

Dup of #87

#2 - JTraversa

2022-07-20T07:47:22Z

Duplicate of #39

#3 - bghughes

2022-08-03T14:24:50Z

Duplicate of #39

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter