Wrong approval in `LLMOracleRegistry::unregister`
Summary
When [`LLMOracleRegistry::unregister()`](https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/llm/LLMOracleRegistry.sol#L117) is called, it tries to approve the user back of the allowance consumed when registering but the case is that the order of approval is wrong so the user's approval to the contract will still be 0
Vulnerability Details
Looking at register we will find this check:
it checks whether the allowance approved for the contract is greater than or equal to the stakeAmount other wise it reverts
but whenever the user tries to unregister an oracle, it tries to restore back the allowance. through this check:
looking here the approval done here will increase (address(this),msg.sender) allowance instead of (msg.sender,address(this)).
considering this check anytime the unregister is called followed by register the allowance check in register will always revert since the approval was restored wrongly.
Impact
The allowance is allocated wrongly, as a result the allowance is not restored and register checks will revert.
Tools Used
manual review
Recommendations
Th approval logic has to be revisited
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.