Incorrect Handling of Collateral Asset Approval in rebalanceVaultsAssets Function
Summary
The rebalanceVaultsAssets function is vulnerable to Incorrect Handling of Collateral Asset Approval, which could allow a malicious or compromised DEX adapter to exploit remaining token approvals and steal funds from the vault. This vulnerability arises because the function approves the collateral asset to the DEX adapter for the swap operation but fails to reset the approval to zero after the swap is completed.
Also this issue is available in the _convertAssetsToUsdc function where the approval is not set to zero.
Vulnerability Details
The function approves the collateral asset to the DEX adapter using the approve function but does not reset the approval to zero after the swap is completed. This leaves the vault vulnerable to unauthorized transfers if the DEX adapter is malicious or compromised.
Exploitation Scenarios
An attacker deploys a malicious DEX adapter that exploits the remaining approval to steal funds.
The malicious adapter transfers additional tokens from the vault after the swap is completed.
Impact
An attacker could steal funds from the vault by exploiting the remaining approval.
Tools Used
Manual Code Review
Recommendations
Reset the approval to zero after the swap is completed to prevent unauthorized transfers.
Use the
safeApprovefunction from OpenZeppelin's SafeERC20 library to handle approvals safely.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.