Lucene search
K

7 matches found

Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•13 views

ISwivel.authRedeem() doesn't have an implementation in Swivel.sol

Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert because Swivel.sol doesn't contain authRedeem function. Proof of Concept ZcToken.withdraw and ZcToken.redeem call MarketPlace.authRedeem and ISwivelswivel.authRedeem isn't implemented. I think...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•14 views

Cannot withdraw or redeem approved tokens

Lines of code Vulnerability details Title Cannot withdraw or redeem approved tokens Impact A contract/EOA which has been approved some ZcToken cannot redeem or withdraw the approved tokens since these functions always revert if msg.sender != holder. Proof of Concept In the withdraw function...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•7 views

Incorrect check in ZcToken.withdraw and ZcToken.redeem leads to underlying tokens not being able to be transferred

Lines of code Vulnerability details Incorrect check in ZcToken.withdraw and ZcToken.redeem leads to underlying tokens not being able to be transferred In both ZcToken.withdraw and ZcToken.redeem, in the case where holder != msg.sender, a check of the msg.sender's ZcToken allowance is performed. B...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•10 views

Implementation does not exist

Lines of code fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Marketplace/MarketPlace.solL156 Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will be reverted. Proof of Concept In ZcToken.withdraw and ZcToken.redeem, it calls redeemer.authRedeem. redeemer can be MarketPlace here. But...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•7 views

Swivel.sol is missing authRedeem() function called in Marketplace.sol

Lines of code Vulnerability details Impact A user redeems or withdraws from their ZcToken by calling ZcToken.withdraw or ZcToken.redeem. Both of these functions then call MarketPlace.authRedeem which in turn calls Swivel.authRedeem. The issue is that Swivel.sol does not have an authRedeem functio...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•7 views

ZcToken.withdraw() and ZcToken.redeem() will always revert when msg.sender != holder.

Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert when msg.sender != holder. These 2 functions will work only when users withdraw/redeem from their balances. Proof of Concept When we check allowance here, it reverts when allowance is greater than...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•5 views

Invalid testing of allowance in ZcToken.withdraw and ZcToken.redeem

Lines of code Vulnerability details Impact / Description In the ZcToken contract, the withdraw and redeem methods both support being called from an other account with an appropriate allowance set, but these functions fail to properly validate allowance. The problem is the condition allowed = amou...

7.1AI score
Exploits0
Rows per page
Query Builder