Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Allowance Overwrite Issue in VaultRouterBranch Contract

Summary

The current implementation of the approve function in the VaultRouterBranch.sol contract overwrites the existing allowance instead of increasing it. This can lead to potential issues when multiple transactions are performed in quick succession, causing the allowance to be reset and potentially blocking further transactions.

Vulnerability Details

The issue is located in the following code snippet:

// increase vault allowance to transfer tokens minus fees from this contract to vault
address indexTokenCache = vault.indexToken;
IERC20(ctx.vaultAsset).approve(indexTokenCache, ctx.assetsMinusFees); //@audit it's not increased, it's overwritten

The approve function is used to set the allowance for the vault to transfer tokens. However, instead of increasing the existing allowance, it overwrites it with the new value. This can cause issues if there are pending transactions that rely on the previous allowance.

Impact

The impact of this issue is that it can block further transactions if the allowance is reset while there are pending transactions. This can lead to a denial of service for users attempting to perform multiple transactions in quick succession.

Tools Used

  • Manual code review

Recommendations

To mitigate this issue, it is recommended to use the increaseAllowance function instead of approve to ensure that the existing allowance is increased rather than overwritten. This can be achieved by implementing the following changes:

  1. Use the increaseAllowance function to increase the existing allowance.
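
An added example, not part of the submission or the Zaros code base: a minimal model of ERC-20 allowance bookkeeping showing how approve and transferFrom interact when the approval is spent inside the same call. MiniToken, MiniVault and MiniRouter are hypothetical names, and the example assumes the vault pulls exactly the approved amount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model of ERC-20 allowance bookkeeping (hypothetical, not Zaros code).
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    // approve SETS the allowance; it does not add to the previous value.
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
    // transferFrom CONSUMES allowance; checked arithmetic reverts if it is too small.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical vault: pulls exactly `amount` from the caller (assumption).
contract MiniVault {
    MiniToken public immutable asset;
    constructor(MiniToken a) { asset = a; }
    function deposit(uint256 amount) external {
        require(asset.transferFrom(msg.sender, address(this), amount), "pull failed");
    }
}

// Hypothetical router: approve and pull happen inside one call (assumption).
contract MiniRouter {
    MiniToken public asset = new MiniToken();
    MiniVault public vault = new MiniVault(asset);
    constructor() { asset.mint(address(this), 300); }
    function depositViaApprove(uint256 amount) public {
        asset.approve(address(vault), amount); // overwrite: allowance = amount
        vault.deposit(amount);                 // pull: allowance back to 0
    }

    // Two back-to-back deposits; returns the vault balance and leftover allowance.
    function demo() external returns (uint256 vaultBalance, uint256 residual) {
        depositViaApprove(100);
        depositViaApprove(200);
        vaultBalance = asset.balanceOf(address(vault));
        residual = asset.allowance(address(this), address(vault));
    }
}
```

Note that increaseAllowance is not part of the ERC-20 standard; it is an extension that is only available if the asset token implements it.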

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
