Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

`GMXVault` contract: no checks on the returned value of token approvals (`approve`)

Summary

`GMXVault` contract: no checks on the returned value of token approvals (`approve`).

Vulnerability Details

  • When GMXVault is deployed, the vault grants some third-party contracts (the GMX exchange router, depositVault and withdrawalVault contracts) approval/allowance on its tokens.

  • However, the returned value of the approve function is never checked, and some tokens might return false instead of reverting if the approval fails.

Impact

Since there's no way to set the approvals of these tokens again once the vault is deployed, the vault will not work as intended; if any deposit is made by the vault later, it might be lost, as it can't be withdrawn if any of the token approvals for these interacting contracts fails.

Proof of Concept

GMXVault.constructor

// Set token approvals for this vault
_store.tokenA.approve(address(_store.router), type(uint256).max);
_store.tokenB.approve(address(_store.router), type(uint256).max);
//..............
_store.tokenA.approve(address(_store.depositVault), type(uint256).max);
_store.tokenB.approve(address(_store.depositVault), type(uint256).max);
//..............
_store.tokenA.approve(address(_store.tokenALendingVault), type(uint256).max);
_store.tokenB.approve(address(_store.tokenBLendingVault), type(uint256).max);

Tools Used

Manual Review.

Recommendations

Check the returned value of each approve call; this can be done by wrapping the call with a require statement:

require(_store.tokenA.approve(address(_store.router), type(uint256).max),"approval failed");
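An added example, not Steadefi's code: when the token is typed as an interface whose `approve` returns `bool`, the `require` wrapper reverts on tokens that return no data at all, so this sketch checks the result through a low-level call that rejects `false` and reverting calls but accepts an empty return. `IERC20Minimal`, `CheckedApprove`, `ApproveFailed` and `ExampleVault` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example (not Steadefi code). All names here are hypothetical.
interface IERC20Minimal {
    function approve(address spender, uint256 amount) external returns (bool);
}

library CheckedApprove {
    error ApproveFailed(address token, address spender);

    /// Reverts unless `approve` succeeded. Accepts tokens that return `true`
    /// and tokens that return no data; rejects `false` and reverting calls.
    function checkedApprove(IERC20Minimal token, address spender, uint256 amount) internal {
        address t = address(token);
        // A low-level call to an address without code "succeeds" with empty
        // return data, so rule that case out first.
        if (t.code.length == 0) revert ApproveFailed(t, spender);

        (bool ok, bytes memory ret) = t.call(
            abi.encodeWithSelector(IERC20Minimal.approve.selector, spender, amount)
        );
        if (!ok) revert ApproveFailed(t, spender);
        // Non-empty return data must decode to `true`.
        if (ret.length != 0 && !abi.decode(ret, (bool))) revert ApproveFailed(t, spender);
    }
}

// Minimal vault showing the check applied at deployment, where the page's
// constructor sets its one-time max approvals.
contract ExampleVault {
    using CheckedApprove for IERC20Minimal;

    constructor(IERC20Minimal tokenA, IERC20Minimal tokenB, address router) {
        // A failed approval aborts deployment instead of leaving a vault
        // that cannot move its tokens later.
        tokenA.checkedApprove(router, type(uint256).max);
        tokenB.checkedApprove(router, type(uint256).max);
    }
}
```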
Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
