17 matches found
ISwivel.authRedeem() doesn't have an implementation in Swivel.sol
Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert because Swivel.sol doesn't contain authRedeem function. Proof of Concept ZcToken.withdraw and ZcToken.redeem call MarketPlace.authRedeem and ISwivelswivel.authRedeem isn't implemented. I think...
Loss of funds in an underlying protocol would cause catostrophic loss of funds for swivel
Lines of code Vulnerability details Impact Loss of all user funds Proof of Concept This exploit stems from a quirk in the way that exchange rate is tracked for matured positions. We first need to breakdown how interest is calculate for a matured position. In L124 the yield for a matured position ...
authRedeem in Marketplace.sol calls nonexistent function
Lines of code Vulnerability details Impact Complete loss of user funds Proof of Concept In L156 and L164 marketplace.sol makes an external call to swivel.authRedeem, but Swivel.sol doesn't contain any function by that name. When calling a nonexistent function in solidity, the call will simply...
Swivel withdraw wrapper function redeems an amount on underlying tokens
Lines of code Vulnerability details Impact Swivel contract uses the redeemUnderlying function from the Compound CERC20 tokens. This function takes as an input the amount of underlying tokens to be redeemed, which is inconsistent compared to other functions. This issue will lead to user fund losse...
[H-05] Not minting iPTs for lenders in several lend functions
Lines of code Vulnerability details Impact Using any of the lend function mentioned, will result in loss of funds to the lender - as the funds are transferred from them but no iPTs are sent back to them! Basically making lending via these external PTs unusable. Proof of Concept There is no mintin...
Unpaused modifier can be sidestepped in one of the lend functions.
Lines of code Vulnerability details Impact Suppose you tried to pause the lend function that is connected to Swivel. In that case, the attacker could sidestep it because there is no verification that the number input from the user corresponds with the desired input. Proof of Concept Let's say a b...
Minting to user after funds deposit is now omitted in Lender's Swivel lend
Lines of code Vulnerability details Lender's Swivel version of lend pulls the underlying funds from the user, opens the necessary positions, but now fails to mint Illuminate PT for the user, so there will be no records for her investment and the corresponding funds aren't recoverable. Setting...
Fees should be paid by the user when lend() to Swivel
Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...
User to lose all the funds when lend() to Swivel
Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...
[M-01] Easily bypassing admins 'pause' for swivel
Lines of code Vulnerability details Impact Assuming admin decides to pause an external principle when it's dangerous, malicious or unprofitable, Bypassing the admins decision can result in loss of funds for the project. Proof of Concept The principals enum p is only used for unpausedp modifier, a...
unchecked return value from approve()
Handle JMukesh Vulnerability details Impact contract uses an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed, returning false instead. The impact is that, tokens that donāt actually perform the approve and return false are still...
Unhandled return value of ERC20 transfer/transferFrom
Handle 0xRajeev Vulnerability details Impact For reference, see similar Medium-severity finding from Consensys Diligence Audit of Aave Protocol V2: As stated in the above finding: āERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return...
Admin can abuse onlySwivel
Handle 0xsanson Vulnerability details Impact In MarketPlace.sol, admin can change the swivel address at any time. A malicious admin can abuse this by setting swivel to his personal address. Then they can call some functions like p2pZcTokenExchange and p2pVaultExchange to steal zc-tokens and...
fee possibly send in the wrong way in exitVaultFillingVaultInitiate
Handle gpersoon Vulnerability details Impact The functions exitZcTokenFillingZcTokenInitiate and exitVaultFillingVaultInitiate are kind of similar, however the processing of the fee is different. exitZcTokenFillingZcTokenInitiate send the fee from o.maker exitVaultFillingVaultInitiate sends the f...
Two-step change of a swivel address
Handle pauliax Vulnerability details Impact MarketPlace allows an admin to change swivel to a different address. This function has no validations, even a simple check for zero-address is missing, and there is no validation of the new address being correct. If the admin accidentally uses an invali...
Erc20.approve() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...
Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect
Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...