The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Use `forceApprove`/`safeIncreaseAllowance` instead of `approve`/`safeApprove`, since the USDT token will revert if allowance != 0

Summary

`SmartVaultV3::executeERC20SwapAndFee()` and `LiquidationPoolManager::runLiquidation()` will revert for the USDT token if its existing allowance is != 0.

Vulnerability Details

USDT will revert if the allowance is changed from a non-zero value. For this token, the allowance must first be reset to zero before a new value is set. Failing to do so can result in transaction reverts, disrupting protocol functionality.

File: contracts/SmartVaultV3.sol, line 198

```solidity
IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);
```

File: contracts/LiquidationPoolManager.sol, line 76

```solidity
ierc20.approve(pool, erc20balance);
```

Tools Used

VSCode

Recommendations

Consider using the `forceApprove` method from OpenZeppelin's `SafeERC20` library. This method ensures the contract's allowance towards a spender is set to the specified value. If the token doesn't return a value, the non-reverting calls are assumed successful, offering a seamless solution for tokens like USDT.
Since `safeIncreaseAllowance` calls `forceApprove` internally, it's also a viable alternative.
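
The following is an added example, not code from this submission or from The Standard's repository. It replays a second approval against a USDT-like token while an earlier allowance is still outstanding, once through `safeApprove` and once through `forceApprove`. It assumes OpenZeppelin Contracts 4.9.x (the release line that ships both functions); `UsdtLikeMock`, `ApprovalHarness` and `demo` are hypothetical names, and the mock is constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock, not Tether's code: approve() returns no value and
/// rejects a change from one non-zero allowance to another.
contract UsdtLikeMock {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "non-zero to non-zero");
        allowance[msg.sender][spender] = value;
    }
}

/// Hypothetical harness standing in for the reported call sites.
contract ApprovalHarness {
    using SafeERC20 for IERC20;

    /// Before: the same SafeERC20 call used at SmartVaultV3 line 198.
    function approveBefore(IERC20 token, address spender, uint256 amount) external {
        token.safeApprove(spender, amount);
    }

    /// After: forceApprove tries approve(amount) and, if that call fails,
    /// falls back to approve(0) followed by approve(amount).
    function approveAfter(IERC20 token, address spender, uint256 amount) external {
        token.forceApprove(spender, amount);
    }

    /// Leaves an allowance of 100 in place, then requests 50 through each path
    /// and reports which path succeeded and the allowance that results.
    function demo(address spender)
        external
        returns (bool beforeOk, bool afterOk, uint256 finalAllowance)
    {
        IERC20 token = IERC20(address(new UsdtLikeMock()));
        this.approveAfter(token, spender, 100); // leftover from an earlier operation
        try this.approveBefore(token, spender, 50) { beforeOk = true; } catch {}
        try this.approveAfter(token, spender, 50) { afterOk = true; } catch {}
        finalAllowance = token.allowance(address(this), spender);
    }
}
```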

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

allowance

informational/invalid
