Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $35,000 USDC
Total HM: 13
Participants: 78
Period: 3 days
Judge: 0xean
Total Solo HM: 6
Id: 135
League: ETH
Rank: 13/78
Findings: 2
Award: $1,049.88
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: csanuragjain
Also found by: cccz
In the MarketPlace contract, the unpaused modifier was not added to authRedeem function, which would make authRedeem function not controlled by paused.
None
- function authRedeem(uint8 p, address u, uint256 m, address f, address t, uint256 a) public authorized(markets[p][u][m].zcToken) returns (uint256 underlyingAmount) { + function authRedeem(uint8 p, address u, uint256 m, address f, address t, uint256 a) public authorized(markets[p][u][m].zcToken) unpaused(p) returns (uint256 underlyingAmount) {
#0 - JTraversa
2022-07-20T07:19:01Z
Duplicate of #64
#1 - bghughes
2022-07-31T19:59:12Z
Duplicate of #64
🌟 Selected for report: joestakey
Also found by: 0x1f8b, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 8olidity, Avci, Bahurum, Bnke0x0, Chom, ElKu, Funen, GimelSec, JC, Junnon, Kaiziron, Meera, PaludoX0, Picodes, ReyAdmirado, Sm4rty, Soosh, Waze, _Adam, __141345__, ak1, aysha, benbaessler, bin2chen, c3phas, cccz, cryptphi, csanuragjain, defsec, exd0tpy, fatherOfBlocks, gogo, hake, hansfriese, itsmeSTYJ, jonatascm, kyteg, mektigboy, oyc_109, pashov, rbserver, rishabh, robee, rokinot, sach1r0, sashik_eth, scaraven, simon135, slywaters
44.2769 USDC - $44.28
The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: https://docs.soliditylang.org/en/v0.8.13/units-and-global-variables.html?highlight=ecrecover#mathematical-and-cryptographic-functions "recover the address associated with the public key from elliptic curve signature or return zero on error. "
https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Swivel.sol#L686-L698 https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Sig.sol#L20-L31 https://github.com/code-423n4/2022-07-swivel/blob/fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Swivel/Sig.sol#L38-L42
None
Verify that the result from ecrecover isn't 0
Fee-on-transfer tokens are not supported in Swivel contracts For example, in the initiateZcTokenFillingVaultInitiate function, when the uToken is a fee-on-transfer token, the number of uTokens received by the contract will be less than a + fee, which will cause the contract to lose fees in the deposit function.
uint256 fee = premiumFilled / feenominators[0]; Safe.transferFrom(uToken, msg.sender, address(this), (a + fee)); IMarketPlace mPlace = IMarketPlace(marketPlace); address cTokenAddr = mPlace.cTokenAddress(o.protocol, o.underlying, o.maturity); // perform the actual deposit type transaction, specific to a protocol if(!deposit(o.protocol, o.underlying, cTokenAddr, a)) { revert Exception(6, 0, 0, address(0), address(0)); }
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol
None
Consider getting the received amount by calculating the difference of token balance (using balanceOf) before and after the _transferFrom.
#0 - robrobbins
2022-08-31T00:44:47Z
adding a maybe because i don't know what a fee-on-transfer token is here