HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Use `increaseAllowance/decreaseAllowance` instead of `approve` in WToken.sol

Summary

Changing an allowance with approve carries the risk that an attacker may front-run the transaction and use both the old and the new allowance. It is recommended to use increaseAllowance or decreaseAllowance to avoid this issue.

https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit?tab=t.0#heading=h.m9fhqynw2xvt

Vulnerability Details

The specific scenario is as follows:

  1. The owner approves 10 ether to the spender.

  2. The owner submits a transaction to change the spender's approval from 10 ether to 1 ether.

  3. The spender transfers the 10 ether approved by the owner to his own account before the owner's transaction is executed.

  4. The owner's transaction (changing 10 ether to 1 ether) is executed, and the spender can transfer another 1 ether to his own account.

  5. The owner only wanted to approve 1 ether to the spender, but the spender ends up with 10 ether + 1 ether, which exceeds the amount the owner authorized.

Impact

Changing an allowance with approve brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering.

Tools Used

Manual review

Recommendations

Use increaseAllowance/decreaseAllowance instead of approve in WToken.sol
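
The ordering in steps 1 to 5 and the recommended alternative, replayed on an in-memory model of the allowance accounting. This is an added example in JavaScript, not code from WToken.sol or the submission; the class and function names are hypothetical, and `decreaseAllowance` is assumed to revert when asked to subtract more than the current allowance, as the OpenZeppelin ERC20 helper of that name does.

```javascript
// Added example: in-memory model of ERC-20 allowance accounting (not WToken.sol itself).
// Amounts are whole "ether" units as BigInt; all names here are hypothetical.
class AllowanceLedger {
  constructor(ownerBalance) {
    this.balance = { owner: ownerBalance, spender: 0n };
    this.allowance = 0n; // models allowance[owner][spender]
  }
  // approve() overwrites the allowance regardless of what was already spent.
  approve(amount) { this.allowance = amount; }
  // decreaseAllowance() is relative; assumed to revert if the allowance is already lower.
  decreaseAllowance(sub) {
    if (sub > this.allowance) throw new Error("decreased allowance below zero");
    this.allowance -= sub;
  }
  transferFrom(amount) {
    if (amount > this.allowance) throw new Error("insufficient allowance");
    if (amount > this.balance.owner) throw new Error("insufficient balance");
    this.allowance -= amount;
    this.balance.owner -= amount;
    this.balance.spender += amount;
  }
}

// Runs one transaction and reports a revert as `false` instead of throwing.
function tryTx(fn) {
  try { fn(); return true; } catch (e) { return false; }
}

// Replays the ordering from steps 1-5; `ownerChange` is the owner's second transaction.
function replay(ownerChange) {
  const ledger = new AllowanceLedger(100n); // constructed starting balance
  ledger.approve(10n);                                    // step 1
  tryTx(() => ledger.transferFrom(10n));                  // step 3: ordered before the change
  const changeApplied = tryTx(() => ownerChange(ledger)); // steps 2 and 4: owner's change lands
  tryTx(() => ledger.transferFrom(1n));                   // step 4: spender's second transfer
  return { spent: ledger.balance.spender, changeApplied, allowance: ledger.allowance };
}

const withApprove = replay((l) => l.approve(1n));            // absolute: set allowance to 1
const withDecrease = replay((l) => l.decreaseAllowance(9n)); // relative: 10 - 9 = 1

console.log("approve:          ", withApprove);
console.log("decreaseAllowance:", withDecrease);
```

Under `approve` the spender ends with 11 ether; under `decreaseAllowance` the owner's change reverts and the spender is capped at the original 10.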

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
