Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Must not approve Maximum Token Amount type(uint256).max

ali9896546

Summary

Some ERC-20 tokens encounter issues when using type(uint256).max in the approve function.
This problem manifests when trying to authorize the maximum possible token amount for transfers, causing transactions to consistently revert.

Vulnerability Description

The ERC-20 approve function enables an account to grant permission for a spender to transfer tokens on its behalf.
A common approach is to approve type(uint256).max, allowing unrestricted access to the tokens.
However, certain tokens aren't equipped to handle this maximum value, leading to transaction failures when such a large amount is used.

src/CapitalPool.sol

function approve(address tokenAddr) external {
address tokenManager = tadleFactory.relatedContracts(RelatedContractLibraries.TOKEN_MANAGER);
(bool success, ) = tokenAddr.call(
abi.encodeWithSelector(APPROVE_SELECTOR, tokenManager, type(uint256).max)
);
if (!success) revert ApproveFailed();
}

Impact

Attempting to approve the maximum uint256 value will result in failed transactions.

Recommendations

Instead of using type(uint256).max, approve the exact amount.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

[invalid] finding-CapitalPool-approve-uint256-max

Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```

Appeal created

kiteweb3 Judge
about 1 year ago
0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

[invalid] finding-CapitalPool-approve-uint256-max

Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.