Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

Lack of access control in the token approval mechanism of the `CapitalPool.sol` contract

Summary:

The `approve` function can be called by any external address and grants unlimited spending rights on an arbitrary token address. It uses a low-level `call` to interact with the token contract, which behaves unexpectedly if the token address is malicious, is not a contract at all, or does not implement `approve` correctly. The function performs no validation of the token address or of the token contract's behaviour, so it can be used to create unauthorized approvals and to misuse tokens.

Vulnerability Details:

  • Function:

```solidity
function approve(address tokenAddr) external {
    address tokenManager = tadleFactory.relatedContracts(
        RelatedContractLibraries.TOKEN_MANAGER
    );
    // Low-level call: succeeds even when tokenAddr has no code (an EOA),
    // and ignores a `false` return value from a non-reverting token.
    (bool success, ) = tokenAddr.call(
        abi.encodeWithSelector(
            APPROVE_SELECTOR,
            tokenManager,
            type(uint256).max
        )
    );
    if (!success) {
        revert ApproveFailed();
    }
}
```

    The function uses `call` to invoke the `approve` method on the token contract specified by `tokenAddr`, granting an unlimited allowance to `tokenManager`. It can be called by anyone, does not check that `tokenAddr` is non-zero or a legitimate ERC20 token, and does not verify that the call actually performed the approval as expected.

Impact:

Allowing anyone to call the `approve` function without restrictions can lead to significant security risks, including unauthorized token approvals, potential misuse of tokens, and broader vulnerabilities in the system.

Tools Used:

Manual review

Recommendations:

  1. Token Address Validation:

    • Ensure that tokenAddr is not a zero address and verify that it conforms to ERC20 standards.

    • Implement a check to confirm that tokenAddr supports the approve function using a safer approach than low-level calls.

  2. Access Control:

    • Restrict access to the approve function so that only authorized addresses or roles can perform the approval action.
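A hardened version of the function implementing both recommendations, written as an added example rather than code from the Tadle repository. It assumes a trusted `guardian` address set at deployment, a minimal `ITadleFactory` interface with only the `relatedContracts` lookup, a placeholder `TOKEN_MANAGER` key, and OpenZeppelin's `SafeERC20.forceApprove` in place of the raw `call`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed minimal view of the factory: only the lookup the pool needs.
interface ITadleFactory {
    function relatedContracts(uint8 key) external view returns (address);
}

contract HardenedCapitalPool {
    using SafeERC20 for IERC20;

    uint8 public constant TOKEN_MANAGER = 1; // placeholder key, not Tadle's real value

    ITadleFactory public immutable tadleFactory;
    address public immutable guardian; // assumed trusted admin role

    error Unauthorized(address caller);
    error ZeroAddress();
    error NotAContract(address tokenAddr);

    modifier onlyGuardian() {
        if (msg.sender != guardian) revert Unauthorized(msg.sender);
        _;
    }

    constructor(address factory_, address guardian_) {
        if (factory_ == address(0) || guardian_ == address(0)) revert ZeroAddress();
        tadleFactory = ITadleFactory(factory_);
        guardian = guardian_;
    }

    // Only the guardian may grant the token manager an allowance.
    function approve(address tokenAddr) external onlyGuardian {
        if (tokenAddr == address(0)) revert ZeroAddress();
        // A raw call to an address without code returns success; reject EOAs explicitly.
        if (tokenAddr.code.length == 0) revert NotAContract(tokenAddr);

        address tokenManager = tadleFactory.relatedContracts(TOKEN_MANAGER);
        if (tokenManager == address(0)) revert ZeroAddress();

        // forceApprove reverts when the token returns false and also handles
        // tokens that require the allowance to be reset to zero first.
        IERC20(tokenAddr).forceApprove(tokenManager, type(uint256).max);
    }
}
```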

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-CapitalPool-approve-missing-access-control

This is at most low severity, even though giving max approvals shouldn't be permissionless, the respective tokenManager address is retrieved from the TadleFactory contract whereby the trusted guardian role is responsible for deploying such contracts as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/factory/TadleFactory.sol#L68). Since the user still has to go through the PreMarkets/DeliveryPlace contracts to perform market actions, this max approval cannot be exploited.
