Platform: Code4rena
Start Date: 12/07/2022
Pot Size: $35,000 USDC
Total HM: 13
Participants: 78
Period: 3 days
Judge: 0xean
Total Solo HM: 6
Id: 135
League: ETH
Rank: 21/78
Findings: 2
Award: $155.43
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xDjango
Also found by: 0x1f8b, 8olidity, Bahurum, Lambda, arcoun, caventa, csanuragjain, hansfriese, joestakey, jonatascm, oyc_109, ronnyx2017
https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115 https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L132-L134
Cant withdraw or redeem approved zcToken from other addresses.
code in Tokens/ZcToken.sol and Creator/ZcToken.sol https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L132-L134 https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L111-L115
It should be
if (allowed < principalAmount) { revert ...}
instead of if allowed >= principalAmount and then revert
#0 - JTraversa
2022-07-20T07:26:30Z
Duplicate of #129
#1 - bghughes
2022-08-03T13:37:36Z
Duplicate of #129
🌟 Selected for report: bin2chen
Also found by: 0x52, 0xDjango, 0xSky, Picodes, auditor0517, rokinot, ronnyx2017, scaraven
https://github.com/code-423n4/2022-07-swivel/blob/main/Marketplace/MarketPlace.sol#L156-L164
Swivel.sol does not implement the interface ISwivel that will revert any call on ZcToken.redeem or withdraw .
Methods Zctoken.redeem and withdraw call MarketPlace.authRedeem: https://github.com/code-423n4/2022-07-swivel/blob/main/Tokens/ZcToken.sol#L106-L118
MarketPlace.authRedeem call Swivel.authRedeem : https://github.com/code-423n4/2022-07-swivel/blob/main/Marketplace/MarketPlace.sol#L156-L164
However Swivel.sol does not implement the interface ISwivel and method authRedeem, that will revert any call on ZcToken.redeem or withdraw . https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol
#0 - JTraversa
2022-07-18T23:25:03Z
Duplicate of #39
#1 - bghughes
2022-08-03T14:41:02Z
Duplicate of #39