Summary

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Token/LibApprove.sol#L23

The approveToken() is designed to only set approvals if the current allowance is not the max. That means there is a posibility for a one time set up to just set this to uint256.max.

While setting the allowance to type(uint256).max reduces the need for repeated approvals (and thus saves gas), it neglects the scenario where the allowance might be fully utilized. In typical use cases, reaching type(uint256).max would require an unrealistic volume of transactions. However, it does not account for potential bugs, exploits, or changes in contract logic that could deplete this allowance unexpectedly.

Would be key to note that this function is called by multiple inscope contracts as shown here: https://github.com/search?q=repo%3ACyfrin%2F2024-02-Beanstalk-1+approveToken&type=code

Impact

The current implementation of the approveToken function allows to set the token allowance to type(uint256).max. However, this approach introduces a vulnerability where, once the type(uint256).max allowance is exhausted, there would be no mechanism in place to renew the approval. This could lead to a situation where the smart contract is unable to perform operations requiring token transfers on behalf of users, effectively freezing any functionality dependent on these approvals.

Tools Used

Recommendations

Implement a mechanism that accepts to reduce or set a new allowance value