Tadle
DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Tokens with approval race protection can make CapitalPool.approve() revert.

Summary

Some tokens (e.g. USDT, KNC) do not allow approving an amount M > 0 while an existing allowance N > 0 is in place; the approve call reverts unless the allowance is first reset to 0.

Vulnerability Details

The approve() function of CapitalPool.sol:

    function approve(address tokenAddr) external {
        // Resolve the TokenManager address from the factory.
        address tokenManager = tadleFactory.relatedContracts(RelatedContractLibraries.TOKEN_MANAGER);
        // Low-level call so tokens whose approve() returns nothing (USDT) do not revert on decoding,
        // but the allowance is set straight to the maximum without resetting it first.
        (bool success,) = tokenAddr.call(abi.encodeWithSelector(APPROVE_SELECTOR, tokenManager, type(uint256).max));
        if (!success) {
            revert ApproveFailed();
        }
    }

This function approves type(uint256).max directly without approving 0 first. The first call succeeds (the allowance goes from 0 to the maximum), but on a token with approval race protection every later call, for instance after the token manager has spent part of the allowance, reverts with ApproveFailed.

Impact

Tadle is meant to work with any token that follows the ERC20 standard, but CapitalPool.approve() reverts on tokens with approval race protection such as USDT and KNC whenever the token manager already holds a non-zero allowance, so the capital pool cannot re-approve such tokens.

For more reference: https://github.com/d-xo/weird-erc20?tab=readme-ov-file#approval-race-protections

Tools Used

Manual Analysis

Recommendations

Modify the approve() function to approve 0 first and then approve type(uint256).max.
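The fix described above, written out as an added example (not the project's code). The token contract is a constructed stand-in that mimics USDT's approve(): it returns no bool and reverts when a non-zero allowance is overwritten with another non-zero value. The hardened pool takes the token manager address as an immutable constructor argument instead of resolving it through the factory; that is an assumption made for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed stand-in for a token with approval race protection (USDT-style).
/// approve() returns nothing and refuses to move a non-zero allowance to another
/// non-zero value, so a second approve(spender, max) reverts.
contract RaceProtectedToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(
            value == 0 || allowance[msg.sender][spender] == 0,
            "approve: reset allowance to 0 first"
        );
        allowance[msg.sender][spender] = value;
    }
}

/// Example replacement for CapitalPool.approve (assumption: token manager fixed at deploy).
contract CapitalPoolFixed {
    bytes4 private constant APPROVE_SELECTOR = bytes4(keccak256("approve(address,uint256)"));
    address public immutable tokenManager;

    error ApproveFailed();
    error NotAContract();

    constructor(address _tokenManager) {
        tokenManager = _tokenManager;
    }

    /// Safe for both plain ERC20s and tokens with approval race protection:
    /// the allowance is reset to 0 before the unlimited allowance is granted,
    /// so calling this repeatedly (e.g. after the manager spent part of it) works.
    function approve(address tokenAddr) external {
        _rawApprove(tokenAddr, 0);
        _rawApprove(tokenAddr, type(uint256).max);
    }

    /// Low-level approve that tolerates tokens returning no value (USDT) while
    /// still honouring a returned `false` from tokens that do return a bool.
    function _rawApprove(address tokenAddr, uint256 value) internal {
        // A low-level call to an address without code "succeeds" with empty returndata,
        // which would silently pass the checks below; reject it explicitly.
        if (tokenAddr.code.length == 0) revert NotAContract();

        (bool success, bytes memory data) =
            tokenAddr.call(abi.encodeWithSelector(APPROVE_SELECTOR, tokenManager, value));

        if (!success) revert ApproveFailed();
        if (data.length != 0 && !abi.decode(data, (bool))) revert ApproveFailed();
    }
}
```

Deploying CapitalPoolFixed with the token manager address and calling approve(tokenAddr) twice against RaceProtectedToken succeeds both times, whereas the original single-step version reverts on the second call. OpenZeppelin's SafeERC20.forceApprove implements the same reset-then-approve pattern and is the usual drop-in if the project already depends on that library.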

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Other
Assigned finding tags:

[invalid] finding-CapitalPool-USDT-approve-zero-first

I believe this is invalid.
- For weird ERC20s with front-running approval protection such as USDT (only known instance so far), max approval is likely only required to be invoked once, considering the supply cap of such tokens. (USDT supply is at 53.8 billion (53.8e9 * 1e9), so this is 100% sufficient.)
- If approvals are insufficient, a new proxy for the Tadle market can always be deployed via the TadleFactory contract and migrated.
