DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Return values of approve() not checked

Summary

Some ERC20 implementations signal approve() errors with a boolean return value instead of using revert(). Not checking this value can lead to unapproved operations proceeding.

Vulnerability Details

If developers neglect to check this return value, they might proceed with operations under false assumptions, leading to potential vulnerabilities or unintended behaviours in smart contract interactions.

approve() can also be subject to front-running attacks. When a user tries to change an allowance, a spender can see this pending transaction and quickly use the current allowance before the change is mined, potentially double-spending if the user's updated allowance is also used later.

Tools Used

Manual Review

Recommendations

A simple solution would be to use safeIncreaseAllowance instead of approve. It checks for boolean returns and mitigates double-spending by first setting allowances to 0 before updating to the desired value, preventing malicious timing exploits between transactions.
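The unchecked pattern beside its hardened form, as an added example that is not part of this submission or of the DittoETH code base. It assumes OpenZeppelin's SafeERC20 library (whose safeIncreaseAllowance is the helper named above) and a constructed token double that signals failure with a false return value:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed test double (not a real token): approve() returns false
/// instead of reverting, the behaviour the finding describes.
contract FalseReturningToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address, uint256) external pure returns (bool) {
        return false; // nothing recorded, but the call does not revert
    }
}

/// Pattern the finding flags: the boolean is discarded, so grant() returns
/// normally even though no allowance was set.
contract UncheckedApproval {
    function grant(IERC20 token, address spender, uint256 amount) external {
        token.approve(spender, amount);
    }
}

/// Hardened form: SafeERC20 reverts when approve() returns false (or no data),
/// and safeIncreaseAllowance derives the new value from the current allowance
/// in the same transaction instead of blindly overwriting it.
contract CheckedApproval {
    using SafeERC20 for IERC20;

    function grant(IERC20 token, address spender, uint256 amount) external {
        token.safeIncreaseAllowance(spender, amount);
    }
}

/// Harness running both against the test double; each low-level call's
/// success flag shows whether the silent failure was surfaced.
contract Demo {
    function run() external returns (bool uncheckedOk, bool checkedOk) {
        IERC20 token = IERC20(address(new FalseReturningToken()));
        bytes memory args = abi.encode(token, address(this), uint256(1e18));
        (uncheckedOk, ) = address(new UncheckedApproval())
            .call(bytes.concat(UncheckedApproval.grant.selector, args));
        (checkedOk, ) = address(new CheckedApproval())
            .call(bytes.concat(CheckedApproval.grant.selector, args));
    }
}
```

Against the false-returning double, the unchecked call completes with no allowance granted, while the SafeERC20 path reverts and the caller learns that the approval failed.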

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
