Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of Revoke Approval Functionality for Infinite Token Approvals(to swan) in BuyerAgent Contract

killua

Summary

  • there are two instances where infinite token approval (type(uint256).max) is granted - to the Swan contract and to the Swan coordinator

  • Given the allowance is infinite , If there is ever a need to revoke or reduce the allowance (e.g., due to security concerns or changes in operational requirements), there is no built-in function in the BuyerAgent contract to do so.

Vulnerability Details

Code in question: In BuyerAgent.sol :

swan.token().approve(address(swan.coordinator()), type(uint256).max);
swan.token().approve(address(swan), type(uint256).max);

Impact

  • Security Risk: If either the Swan contract or its coordinator is compromised or behaves maliciously, they could transfer an unlimited number of tokens from the buyer agent’s balance, leading to a complete loss of funds.

Tools Used

  • Manual review

Recommendations

  • Use specific approvals whenever necessary instead of infinte approvals.

  • Implement a Revoke Approval Functionality: Add a function that allows the owner of the buyer agent to revoke or reduce approvals when they are no longer needed.

  • Use safeIncreaseAllowance() and safeDecreaseAllowance() from safeERC20 lib.

function revokeApproval() external onlyOwner {
swan.token().approve(address(swan.coordinator()), 0);
swan.token().approve(address(swan), 0);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.