stake.link
DeFiHardhatBridge
27,500 USDC
Submission Details
Severity: high
Valid

Incomplete token approval management in `handleOutgoingRESDL` function

Summary

In SDLPoolPrimary, the handleOutgoingRESDL function, which handles "reSDL" locks and their outgoing transfers, has no check for approval removal. The primary concern is the absence of a conditional check for approval deletion in the handleOutgoingRESDL function.

Vulnerability Details

The handleOutgoingRESDL function processes outgoing transfers of "reSDL" locks to another chain. While the function correctly updates the lock-related state and performs the token transfer, it lacks the conditional check that deletes the lock's token approval when the entire lock amount is transferred.

Impact

Without this conditional check, a token approval for a lock that has already left the chain can remain in contract storage, potentially leading to inconsistent contract behavior. This could impact the security and efficiency of the contract.

Unnecessary token approvals can pose a security risk by allowing unauthorized contracts or users to spend tokens on behalf of the contract owner, as these approvals may remain valid indefinitely.

Tools Used

  • Manual code review

Recommendations

Conditional Check for Approval Deletion:
In the handleOutgoingRESDL function, introduce a conditional check similar to the one present in the withdraw function to delete token approvals when the entire lock amount is being transferred.

Example modification:

// ...
sdlToken.safeTransfer(_sdlReceiver, lock.amount);
// delete the per-lock token approval if one was set
if (totalAmount == lock.amount) {
    if (tokenApprovals[_lockId] != address(0)) {
        delete tokenApprovals[_lockId];
    }
}
// ...
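The following is an added, constructed illustration of the finding and of the recommended fix; it is not stake.link code and does not reproduce SDLPoolPrimary. The contract name, the `mintLock`, `handleOutgoingRESDLVulnerable`, `handleOutgoingRESDLFixed` and `hasStaleApproval` functions, and the reduced `Lock` struct are assumptions made for the example. The token transfer is left as a comment so the contract compiles without an ERC-20 dependency. Because the outgoing handler always moves the whole lock, the fixed variant clears the approval on every outgoing transfer, which is the case the page's `totalAmount == lock.amount` condition targets.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration (hypothetical), not stake.link code. It models only
// the pieces of an SDLPoolPrimary-like contract that matter for the
// stale-approval finding: per-lock ownership, per-lock token approvals and
// the outgoing-bridge path.
contract LockApprovalDemo {
    struct Lock {
        uint256 amount;
        uint256 boostAmount;
    }

    mapping(uint256 => Lock) public locks;
    mapping(uint256 => address) public lockOwners;
    mapping(uint256 => address) public tokenApprovals; // lockId => approved spender
    mapping(address => uint256) public balances;       // number of locks per owner
    uint256 public nextLockId = 1;

    event OutgoingRESDL(address indexed sender, uint256 indexed lockId);

    // Creates a lock for the caller (stand-in for the real locking flow).
    function mintLock(uint256 _amount, uint256 _boostAmount) external returns (uint256 lockId) {
        lockId = nextLockId++;
        locks[lockId] = Lock(_amount, _boostAmount);
        lockOwners[lockId] = msg.sender;
        balances[msg.sender] += 1;
    }

    // ERC-721-style per-token approval; this is the entry that goes stale.
    function approve(address _to, uint256 _lockId) external {
        require(lockOwners[_lockId] == msg.sender, "not owner");
        tokenApprovals[_lockId] = _to;
    }

    // Vulnerable shape: the lock leaves this chain, but tokenApprovals[_lockId]
    // is never cleared, so the approval record outlives the lock it refers to.
    function handleOutgoingRESDLVulnerable(uint256 _lockId) external returns (Lock memory lock) {
        require(lockOwners[_lockId] == msg.sender, "not owner");
        lock = locks[_lockId];
        delete locks[_lockId];
        delete lockOwners[_lockId];
        balances[msg.sender] -= 1;
        // sdlToken.safeTransfer(_sdlReceiver, lock.amount); would go here.
        emit OutgoingRESDL(msg.sender, _lockId);
    }

    // Fixed shape: mirror the withdraw() pattern and clear the approval in the
    // same step that removes the lock and its owner.
    function handleOutgoingRESDLFixed(uint256 _lockId) external returns (Lock memory lock) {
        require(lockOwners[_lockId] == msg.sender, "not owner");
        lock = locks[_lockId];
        delete locks[_lockId];
        delete lockOwners[_lockId];
        balances[msg.sender] -= 1;
        if (tokenApprovals[_lockId] != address(0)) {
            delete tokenApprovals[_lockId];
        }
        // sdlToken.safeTransfer(_sdlReceiver, lock.amount); would go here.
        emit OutgoingRESDL(msg.sender, _lockId);
    }

    // Invariant a unit test or fuzzer can assert after any state change:
    // an approval must never exist for a lock that has no owner.
    function hasStaleApproval(uint256 _lockId) external view returns (bool) {
        return lockOwners[_lockId] == address(0) && tokenApprovals[_lockId] != address(0);
    }
}
```

To reproduce the finding in a Hardhat or Foundry test: call `mintLock`, `approve` the lock to some address, then call `handleOutgoingRESDLVulnerable`; `hasStaleApproval(lockId)` returns true afterwards. Repeating the sequence with `handleOutgoingRESDLFixed` returns false, and `hasStaleApproval` is the kind of invariant worth keeping in the test suite so a future refactor of the outgoing path cannot reintroduce the stale entry.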
Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

stale-approval
