MorpheusAI
Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Return value of ERC20 approve function not checked

Summary

Return value of ERC20 token approve not checked for successful approval

Vulnerability Details

ERC20 tokens return a boolean value to indicate whether the approval succeeded. The _replaceDepositToken and _replaceDepositTokenGateway internal functions call approve on ERC20 tokens without checking this return value.

    function _replaceDepositToken(address oldToken_, address newToken_) private {
        bool isTokenChanged_ = oldToken_ != newToken_;
        if (oldToken_ != address(0) && isTokenChanged_) {
            // Remove allowance from stETH to wstETH (return value of approve is ignored)
            IERC20(unwrappedDepositToken).approve(oldToken_, 0);
        }
        if (isTokenChanged_) {
            // Get stETH from wstETH
            address unwrappedToken_ = IWStETH(newToken_).stETH();
            // Increase allowance from stETH to wstETH, to exchange stETH for wstETH
            // (return value of approve is ignored)
            IERC20(unwrappedToken_).approve(newToken_, type(uint256).max);
            unwrappedDepositToken = unwrappedToken_;
        }
    }

Impact

If approve returns false instead of reverting, execution continues past a point where the transaction should have reverted early.

Tools Used

Manual Review

Recommendations

Consider validating the boolean return value of the ERC20 token approve function.
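A hardened variant of the function, written here as an added example rather than the project's own code, using OpenZeppelin's SafeERC20 so that a failed approval reverts instead of being silently ignored; the minimal IWStETH interface and the wrapping contract are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Minimal stand-in for the wstETH interface the original function relies on (assumption).
interface IWStETH {
    function stETH() external view returns (address);
}

contract DepositTokenSwitcher {
    using SafeERC20 for IERC20;

    address public unwrappedDepositToken;

    // Hardened version of _replaceDepositToken: each approval either takes
    // effect or the whole call reverts, so a token that returns false can no
    // longer let execution continue with a missing or stale allowance.
    function _replaceDepositToken(address oldToken_, address newToken_) private {
        bool isTokenChanged_ = oldToken_ != newToken_;

        if (oldToken_ != address(0) && isTokenChanged_) {
            // Revoke the old allowance. forceApprove reverts if the token returns
            // false or reverts itself, and also handles tokens that require the
            // allowance to be reset to zero before it can be changed.
            IERC20(unwrappedDepositToken).forceApprove(oldToken_, 0);
        }

        if (isTokenChanged_) {
            address unwrappedToken_ = IWStETH(newToken_).stETH();
            // Grant the new allowance; reverts on failure instead of continuing.
            IERC20(unwrappedToken_).forceApprove(newToken_, type(uint256).max);
            unwrappedDepositToken = unwrappedToken_;
        }
    }

    // Equivalent explicit check without SafeERC20, for tokens that follow the
    // standard and return a boolean: revert when approve reports failure.
    function _approveOrRevert(address token_, address spender_, uint256 amount_) private {
        require(IERC20(token_).approve(spender_, amount_), "approve returned false");
    }
}
```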

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
