The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Use `forceApprove/safeIncreaseAllowance` instead of `approve/safeApprove`, since USDT token will revert if allowance != 0

slvdev

Summary

SmartVaultV3::executeERC20SwapAndFee() and LiquidationPoolManager::runLiquidation() will revert if USDT token will have allowance != 0

Vulnerability Details

USDT will revert if the change allowance from a non-zero value. For this token, it's a requirement to first reset the allowance to zero before setting a new value. Failing to do so can result in transaction reverts, disrupting protocol functionality.

File: contracts/SmartVaultV3.sol
198: IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);
File: contracts/LiquidationPoolManager.sol
76: ierc20.approve(pool, erc20balance);

Tools Used

VSCode

Recommendations

Consider using the forceApprove method from OpenZeppelin's SafeERC20 library. This method ensures the contract's allowance towards a spender is set to the specified value. If the token doesn't return a value, the non-reverting calls are assumed successful, offering a seamless solution for tokens like USDT.
Since safeIncreaseAllowance calls forceApprove internally, it's also a viable alternative.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

allowance

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!