Steadefi
DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

Allowance handling vulnerability in GMXWorker.sol

Summary

A low-severity vulnerability exists in the token approval method used by the swapExactTokensForTokens and swapTokensForExactTokens functions of the contract. The issue stems from how token allowances are set for token transfers, specifically the call IERC20(sp.tokenIn).approve(address(self.swapRouter), sp.amountIn) in these functions.

Vulnerability Details

The aforementioned functions use a direct token approval strategy that is susceptible to an allowance attack vector. Both grant swapRouter access to a specified amount of tokenIn, equal to sp.amountIn. This strategy is vulnerable, especially when interacting with tokens like USDC that have built-in mechanisms to guard against allowance-related security threats.

Impact

For tokens like USDC that employ special measures to avert allowance vulnerabilities, the current approval method could lead to incompatible transactions. This incompatibility may result in transaction failures, leading to negative user experiences and potential financial losses due to extra transaction fees. It also opens the door to possible denial-of-service (DoS) attacks and unplanned trading complications.

Tools Used

  • Contract code review

  • Historical incident analysis

Recommendations

Revise the token approval strategy in both functions as follows:

IERC20(sp.tokenIn).safeIncreaseAllowance(address(self.swapRouter), sp.amountIn);

By utilizing safeIncreaseAllowance() from OpenZeppelin's ERC20 extensions, the contracts can manage allowances more safely, minimizing the risk of related security vulnerabilities and ensuring compatibility with tokens like USDC.
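The two approval patterns side by side, as an added example that is not Steadefi's code: the raw approve the report describes, and the SafeERC20 form it recommends, extended with a reset of any unconsumed allowance after the swap. The ISwapRouter interface, the SwapParams struct and the function names are assumptions standing in for the worker's real swap path, which the page does not show.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical minimal router interface; the real swapRouter is not shown on the page.
interface ISwapRouter {
    function swapExactTokensForTokens(
        address tokenIn, address tokenOut, uint256 amountIn, uint256 amountOutMin
    ) external returns (uint256 amountOut);
}

contract SafeApprovalSwap {
    using SafeERC20 for IERC20;

    ISwapRouter public immutable swapRouter;

    // Hypothetical stand-in for the worker's swap parameters.
    struct SwapParams { address tokenIn; address tokenOut; uint256 amountIn; uint256 amountOutMin; }

    constructor(ISwapRouter router) { swapRouter = router; }

    // Pattern described in the report: a raw approve. Its bool return value is ignored,
    // and tokens that return nothing (or report failure) are not handled.
    function swapUnsafe(SwapParams memory sp) external returns (uint256) {
        IERC20(sp.tokenIn).approve(address(swapRouter), sp.amountIn);
        return swapRouter.swapExactTokensForTokens(sp.tokenIn, sp.tokenOut, sp.amountIn, sp.amountOutMin);
    }

    // Recommended pattern: SafeERC20 wraps the call, tolerates a missing return value
    // and reverts cleanly if the token reports failure.
    function swapSafe(SwapParams memory sp) external returns (uint256 amountOut) {
        IERC20 tokenIn = IERC20(sp.tokenIn);
        tokenIn.safeIncreaseAllowance(address(swapRouter), sp.amountIn);
        amountOut = swapRouter.swapExactTokensForTokens(sp.tokenIn, sp.tokenOut, sp.amountIn, sp.amountOutMin);
        // Clear whatever the router did not consume so the allowance does not accumulate
        // across calls; forceApprove first resets to zero for tokens that require it.
        tokenIn.forceApprove(address(swapRouter), 0);
    }
}
```

The trailing forceApprove(…, 0) matters for the swapTokensForExactTokens case, where the router may pull less than sp.amountIn and a plain safeIncreaseAllowance would otherwise leave a growing standing allowance.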

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
