Lucene search
K

17 matches found

Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•13 views

ISwivel.authRedeem() doesn't have an implementation in Swivel.sol

Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert because Swivel.sol doesn't contain authRedeem function. Proof of Concept ZcToken.withdraw and ZcToken.redeem call MarketPlace.authRedeem and ISwivelswivel.authRedeem isn't implemented. I think...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•15 views

Loss of funds in an underlying protocol would cause catostrophic loss of funds for swivel

Lines of code Vulnerability details Impact Loss of all user funds Proof of Concept This exploit stems from a quirk in the way that exchange rate is tracked for matured positions. We first need to breakdown how interest is calculate for a matured position. In L124 the yield for a matured position ...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•7 views

authRedeem in Marketplace.sol calls nonexistent function

Lines of code Vulnerability details Impact Complete loss of user funds Proof of Concept In L156 and L164 marketplace.sol makes an external call to swivel.authRedeem, but Swivel.sol doesn't contain any function by that name. When calling a nonexistent function in solidity, the call will simply...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/13 12:0 a.m.•9 views

Swivel withdraw wrapper function redeems an amount on underlying tokens

Lines of code Vulnerability details Impact Swivel contract uses the redeemUnderlying function from the Compound CERC20 tokens. This function takes as an input the amount of underlying tokens to be redeemed, which is inconsistent compared to other functions. This issue will lead to user fund losse...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

[H-05] Not minting iPTs for lenders in several lend functions

Lines of code Vulnerability details Impact Using any of the lend function mentioned, will result in loss of funds to the lender - as the funds are transferred from them but no iPTs are sent back to them! Basically making lending via these external PTs unusable. Proof of Concept There is no mintin...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Unpaused modifier can be sidestepped in one of the lend functions.

Lines of code Vulnerability details Impact Suppose you tried to pause the lend function that is connected to Swivel. In that case, the attacker could sidestep it because there is no verification that the number input from the user corresponds with the desired input. Proof of Concept Let's say a b...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Minting to user after funds deposit is now omitted in Lender's Swivel lend

Lines of code Vulnerability details Lender's Swivel version of lend pulls the underlying funds from the user, opens the necessary positions, but now fails to mint Illuminate PT for the user, so there will be no records for her investment and the corresponding funds aren't recoverable. Setting...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•14 views

Fees should be paid by the user when lend() to Swivel

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

User to lose all the funds when lend() to Swivel

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

[M-01] Easily bypassing admins 'pause' for swivel

Lines of code Vulnerability details Impact Assuming admin decides to pause an external principle when it's dangerous, malicious or unprofitable, Bypassing the admins decision can result in loss of funds for the project. Proof of Concept The principals enum p is only used for unpausedp modifier, a...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•13 views

unchecked return value from approve()

Handle JMukesh Vulnerability details Impact contract uses an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed, returning false instead. The impact is that, tokens that don’t actually perform the approve and return false are still...

7AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•8 views

Unhandled return value of ERC20 transfer/transferFrom

Handle 0xRajeev Vulnerability details Impact For reference, see similar Medium-severity finding from Consensys Diligence Audit of Aave Protocol V2: As stated in the above finding: ā€œERC20 implementations are not always consistent. Some implementations of transfer and transferFrom could return...

7AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•9 views

Admin can abuse onlySwivel

Handle 0xsanson Vulnerability details Impact In MarketPlace.sol, admin can change the swivel address at any time. A malicious admin can abuse this by setting swivel to his personal address. Then they can call some functions like p2pZcTokenExchange and p2pVaultExchange to steal zc-tokens and...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•9 views

fee possibly send in the wrong way in exitVaultFillingVaultInitiate

Handle gpersoon Vulnerability details Impact The functions exitZcTokenFillingZcTokenInitiate and exitVaultFillingVaultInitiate are kind of similar, however the processing of the fee is different. exitZcTokenFillingZcTokenInitiate send the fee from o.maker exitVaultFillingVaultInitiate sends the f...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•9 views

Two-step change of a swivel address

Handle pauliax Vulnerability details Impact MarketPlace allows an admin to change swivel to a different address. This function has no validations, even a simple check for zero-address is missing, and there is no validation of the new address being correct. If the admin accidentally uses an invali...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/05 12:0 a.m.•6 views

Erc20.approve() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/05 12:0 a.m.•13 views

Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect

Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...

6.8AI score
Exploits0
Rows per page
Query Builder