7 matches found
ISwivel.authRedeem() doesn't have an implementation in Swivel.sol
Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert because Swivel.sol doesn't contain authRedeem function. Proof of Concept ZcToken.withdraw and ZcToken.redeem call MarketPlace.authRedeem and ISwivelswivel.authRedeem isn't implemented. I think...
Cannot withdraw or redeem approved tokens
Lines of code Vulnerability details Title Cannot withdraw or redeem approved tokens Impact A contract/EOA which has been approved some ZcToken cannot redeem or withdraw the approved tokens since these functions always revert if msg.sender != holder. Proof of Concept In the withdraw function...
Incorrect check in ZcToken.withdraw and ZcToken.redeem leads to underlying tokens not being able to be transferred
Lines of code Vulnerability details Incorrect check in ZcToken.withdraw and ZcToken.redeem leads to underlying tokens not being able to be transferred In both ZcToken.withdraw and ZcToken.redeem, in the case where holder != msg.sender, a check of the msg.sender's ZcToken allowance is performed. B...
Implementation does not exist
Lines of code fd36ce96b46943026cb2dfcb76dfa3f884f51c18/Marketplace/MarketPlace.solL156 Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will be reverted. Proof of Concept In ZcToken.withdraw and ZcToken.redeem, it calls redeemer.authRedeem. redeemer can be MarketPlace here. But...
Swivel.sol is missing authRedeem() function called in Marketplace.sol
Lines of code Vulnerability details Impact A user redeems or withdraws from their ZcToken by calling ZcToken.withdraw or ZcToken.redeem. Both of these functions then call MarketPlace.authRedeem which in turn calls Swivel.authRedeem. The issue is that Swivel.sol does not have an authRedeem functio...
ZcToken.withdraw() and ZcToken.redeem() will always revert when msg.sender != holder.
Lines of code Vulnerability details Impact ZcToken.withdraw and ZcToken.redeem will always revert when msg.sender != holder. These 2 functions will work only when users withdraw/redeem from their balances. Proof of Concept When we check allowance here, it reverts when allowance is greater than...
Invalid testing of allowance in ZcToken.withdraw and ZcToken.redeem
Lines of code Vulnerability details Impact / Description In the ZcToken contract, the withdraw and redeem methods both support being called from an other account with an appropriate allowance set, but these functions fail to properly validate allowance. The problem is the condition allowed = amou...