Submission Details
Severity:
Use `increaseAllowance()`/`decreaseAllowance()` instead of `approve()`/`safeApprove()`
Summary
Use increaseAllowance()/decreaseAllowance() instead of approve()/safeApprove()
Vulnerability Details
Changing an allowance with approve() brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering. Refer to ERC20 API: An Attack Vector on the Approve/TransferFrom Methods. It is recommended to use the increaseAllowance()/decreaseAllowance() to avoid this problem.
File: contracts/LiquidationPoolManager.sol
37: eurosToken.approve(pool, _feesForPool);
76: ierc20.approve(pool, erc20balance);
File: contracts/SmartVaultV3.sol
198: IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);
Github: [198]
Impact
See #Vulnerability Details
Tools Used
Manual Review
Recommendations
Use increaseAllowance()/decreaseAllowance() instead of approve()/safeApprove()
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
allowance
informational/invalid
hrishibhat over 1 year ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
allowance
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.