The approveTo()
function in L1valut contract has no check for approval amount in place which might lead to call with amount more than the balance of vault.
there needs to be a check statement when approving amount to target address.
When approving the amount to the target more than the balance of the vault will revert the transaction.
Manual review
Add the following require statement to the approveTo function in L1vault.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.