The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Use `increaseAllowance()`/`decreaseAllowance()` instead of `approve()`/`safeApprove()`

Summary

Use increaseAllowance()/decreaseAllowance() instead of approve()/safeApprove()

Vulnerability Details

Changing an allowance with `approve()` brings the risk that someone may use both the old and the new allowance through unfortunate transaction ordering. Refer to "ERC20 API: An Attack Vector on the Approve/TransferFrom Methods". It is recommended to use `increaseAllowance()`/`decreaseAllowance()` to avoid this problem.

File: contracts/LiquidationPoolManager.sol
37: eurosToken.approve(pool, _feesForPool);
76: ierc20.approve(pool, erc20balance);

Github: [37, 76]

File: contracts/SmartVaultV3.sol
198: IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);

Github: [198]

Impact

See #Vulnerability Details

Tools Used

Manual Review

Recommendations

Use increaseAllowance()/decreaseAllowance() instead of approve()/safeApprove()
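
The ordering risk described under Vulnerability Details, as an added example that is not part of the submission or of the audited contracts: a small Python model of an allowance ledger that compares an absolute `approve()` with a relative `decreaseAllowance()` when the owner lowers an allowance. The `Token` class, the `attempt` and `total_drawn` helpers, and the amounts (100 lowered to 50) are constructed for illustration, and the revert on a decrease below zero is an assumption of the model.

```python
# Constructed model of an ERC-20 allowance ledger; not the audited contracts.
class Token:
    def __init__(self, owner_balance):
        self.owner, self.spender = owner_balance, 0
        self.allowance = 0  # owner -> spender

    def approve(self, amount):
        self.allowance = amount  # absolute: overwrites whatever is left

    def decrease_allowance(self, delta):
        # Assumption of this model: a decrease below zero reverts.
        if delta > self.allowance:
            raise ValueError("decreased allowance below zero")
        self.allowance -= delta

    def transfer_from(self, amount):
        if amount > self.allowance or amount > self.owner:
            raise ValueError("insufficient allowance or balance")
        self.allowance -= amount
        self.owner -= amount
        self.spender += amount


def attempt(call, *args):
    """Run one transaction; a revert leaves state unchanged."""
    try:
        call(*args)
    except ValueError:
        pass


def total_drawn(change, spender_first, old=100, new=50):
    """Owner lowers the allowance old -> new; return what the spender ends up with."""
    t = Token(owner_balance=1000)
    t.approve(old)
    if spender_first:  # the unfortunate ordering
        attempt(t.transfer_from, old)
    if change == "approve":
        attempt(t.approve, new)
    else:
        attempt(t.decrease_allowance, old - new)
    attempt(t.transfer_from, new)
    return t.spender


if __name__ == "__main__":
    for change in ("approve", "decrease"):
        for first in (False, True):
            print(change, "spender_first =", first, "->", total_drawn(change, first))
```

With the relative change, the amount drawn never exceeds the originally approved 100, whereas the absolute overwrite lets the old and new allowances add up.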

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

allowance

informational/invalid
