approve in CapitalPool will always revert for few tokens [UNI, COMP, etc]
Summary
The approve function in capitalPool is used to give max approval to TokenManager, but the function does not handle tokens that revert on large approval or transfer.
Vulnerability Details
Some tokens revert on large approval or transfer as popularly described in weird-erc20 repo
https://github.com/d-xo/weird-erc20?tab=readme-ov-file#revert-on-large-approvals--transfers
The approve function should handle cases like these.
Recommendations
Lead Judging Commences
[invalid] finding-CapitalPool-approve-uint256-max
Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```
Appeal created
[invalid] finding-CapitalPool-approve-uint256-max
Thanks for flagging, indeed since uint(-1) is representative of max uint256 value, when entering the `if` statement, it will be converted to uint96 max amout, so it will not revert as described. In issue #361, the mockToken utilized does not correctly reflect the below approval behavior. ```Solidity function approve(address spender, uint rawAmount) external returns (bool) { uint96 amount; if (rawAmount == uint(-1)) { amount = uint96(-1); } else { amount = safe96(rawAmount, "Comp::approve: amount exceeds 96 bits"); } ```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.