Christmas Dinner
First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Token Allowance Front-Running

Summary

Vulnerability Details

The deposit function does not check the user’s allowance before calling safeTransferFrom. A malicious user can front-run the transaction by changing the allowance after the transaction is signed but before execution.

Impact

The contract could transfer an unintended amount, resulting in incorrect balances or potentially locking user funds.

Tools Used

Manual review

Recommendations

Check the allowance explicitly before proceeding with the transfer.

```solidity
function deposit(address _token, uint256 _amount) external beforeDeadline {
    if (!whitelisted[_token]) {
        revert NotSupportedToken();
    }
    uint256 allowance = IERC20(_token).allowance(msg.sender, address(this));
    require(allowance >= _amount, "Insufficient allowance");
    // Proceed with transfer logic
}
```
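The recommended check under a Foundry test, as an added example that is not part of the submission or the contest code base: a hypothetical stand-in contract `DepositWithAllowanceCheck` and a constructed `MockToken` are assumed, along with the forge-std and OpenZeppelin remappings, and the test covers the case the report describes (the approval is lowered before the deposit executes).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical stand-in for the contest contract: only the deposit path is modelled.
contract DepositWithAllowanceCheck {
    using SafeERC20 for IERC20;
    error NotSupportedToken();
    mapping(address => bool) public whitelisted;
    mapping(address => mapping(address => uint256)) public balances;
    constructor(address token) { whitelisted[token] = true; }
    function deposit(address _token, uint256 _amount) external {
        if (!whitelisted[_token]) revert NotSupportedToken();
        // Explicit allowance check from the recommendation, ahead of the transfer.
        uint256 allowance = IERC20(_token).allowance(msg.sender, address(this));
        require(allowance >= _amount, "Insufficient allowance");
        balances[msg.sender][_token] += _amount;
        IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
    }
}
// Constructed test token: mints the whole supply to the address given.
contract MockToken is ERC20 {
    constructor(address to) ERC20("Mock", "MCK") { _mint(to, 100e18); }
}
contract AllowanceCheckTest is Test {
    address user = makeAddr("user");
    MockToken token = new MockToken(user);
    DepositWithAllowanceCheck dinner = new DepositWithAllowanceCheck(address(token));
    // Allowance is lowered between approval and deposit: the check rejects the deposit.
    function test_RevertWhenAllowanceReducedBeforeDeposit() public {
        vm.startPrank(user);
        token.approve(address(dinner), 50e18);
        token.approve(address(dinner), 10e18); // approval changed before execution
        vm.expectRevert(bytes("Insufficient allowance"));
        dinner.deposit(address(token), 50e18);
        vm.stopPrank();
    }
    // Sufficient allowance: deposit credits the user and moves the tokens.
    function test_DepositSucceedsWithSufficientAllowance() public {
        vm.startPrank(user);
        token.approve(address(dinner), 50e18);
        dinner.deposit(address(token), 50e18);
        vm.stopPrank();
        assertEq(dinner.balances(user, address(token)), 50e18);
        assertEq(token.balanceOf(address(dinner)), 50e18);
    }
}
```

Without the explicit `require`, OpenZeppelin's `transferFrom` reverts on its own with `ERC20InsufficientAllowance` when the approval is too low, so the added check changes the revert reason rather than whether the deposit can go through with a reduced allowance.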

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

jerry0422 Submitter 10 months ago
0xtimefliez Lead Judge 10 months ago
