SantaToken is prone to frontrunning during approval
Summary
It is possible to spend more token amount than what has been approved.
Vulnerability Details
Approvals are used during the life cycle of any token. As SantaToken inherits ERC20 contract an approval mechanism is there in place:
Let's consider the following scenario:
A approves 100 Santa tokens to B with
approve(B, 100)A decides to decrease the allowance of B to 20 tokens with
approve(B, 20)B sees the
approve(B, 20)transaction in mempoolB pays higher fee, so that his
transferFrom(A, B, 100)transaction comes beforeapprove(B, 20)transaction made by AB received 100 Santa tokens and now calls
transferFrom(A, B, 20)In total B receives 120 tokens which is more than A expects
Impact
High, because it can be implemented relatively easy if the malicious actor has access and knowledge of mempool.
Tools Used
Manual check
Recommendations
Utilize safe methods to increasing or decreasing allowance. E.g. inherit from OpenZeppelin ERC20 and use increaseAllowance / decreaseAllowance accordingly.
Lead Judging Commences
Front Running on santaToken approves
The library used for ERC20s leverages basic approval mappings that don't consider increase/decrease in approvals resulting in front running. valid mitigations would be implementation of OZ
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.