The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of 'safeApprove(0)' Method will prevent Smart Vault Owners From Swapping More Than Once

BjornBug

Summary

The safeApprove(0) method is not included in SmartVaultV3's executeERC20SwapAndFee() when a swap is executed. This prevents the smart contract owner from swapping the same token more than once because executeERC20SwapAndFee() uses safeApprove() with a non-zero value. therefore the transaction will always revert.

Vulnerability Details

The SmartVaultV3#executeERC20SwapAndFee() function, called internally by SmartVaultV3#swap, uses OpenZeppelin's safeApprove() method. This method approves ISmartVaultManagerV3(manager).swapRouter2() to perform a swap of tokenIn with amountIn.
However, safeApprove() is never reset to 0 after the first swap.

This means the allowance for ISmartVaultManagerV3(manager).swapRouter2() for tokenIn with amountIn is not set to 0, which is necessary for calling the swap function again(safeApprove()), especially for the same tokenIn.

function safeApprove(
IERC20 token,
address spender,
uint256 value
) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}

OpenZeppelin SafeERC20 Contract - safeApprove Function

POC

Consider adding another swap function in the smartVault.js test suite after the first swap, which will successfully pass the test.

it.only('invokes swaprouter after creating approval for erc20, paying fees to protocol, converting all weth back to eth', async () => {
.....
const swapValue2 = ethers.utils.parseEther('30');
await expect(Vault.connect(user).swap(inToken, outToken, swapValue2)).to.be.revertedWith('SafeERC20: approve from non-zero to non-zero allowance');
}

Impact

The smart vault owner will never be able to swap the same token more than once, making the swap() function completely useless in the smart vault.

Tools Used

Manual

Recommendations

Always use safeApprove(..., 0) when changing the allowance, or opt for safeIncreaseAllowance().

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

BjornBug Submitter
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago
BjornBug Submitter
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago
BjornBug Submitter
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago
BjornBug Submitter
almost 2 years ago
hrishibhat Lead Judge
almost 2 years ago
BjornBug Submitter
almost 2 years ago
hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!