`CapitalPool::approve` might not work on certain tokens (e.g. `UNI`)
Summary
the approve function calls erc20 tokens approve function with type(uint256).max
however, there are some tokens, such as UNI, that revert on large approvals, which might lead to unexpected errors and loss of funds for users.
Vulnerability Details
Some tokens (e.g. UNI, COMP) revert if the value passed to approve or transfer is larger than uint96, that's might cause errors and unexpected loss of funds for users.
Tools Used
manual review.
Recommendations
consider applying different logic using IncreaseAllowance when needed.
Lead Judging Commences
[invalid] finding-CapitalPool-approve-uint256-max
Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```
Appeal created
[invalid] finding-CapitalPool-approve-uint256-max
Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.