[M-02] Unchecked ERC20 `approve` Race Condition
Summary
The UniswapV2Adapter.sol contract contains a potential race condition vulnerability due to the unchecked use of the ERC20 approve function where the contract sets a new allowance without first resetting it to zero.
Vulnerability Details
The UniswapV2Adapter.sol contract facilitates token swaps using the Uniswap V2 protocol. In its executeSwapExactInputSingle and executeSwapExactInput functions, the contract directly sets a new allowance for the Uniswap V2 router without first resetting the existing allowance to zero. This practice can lead to a race condition where an attacker could front-run the transaction and use the current allowance before it is updated.
Impacted code:
Impact
I'm rating this as LOW because I don't have a POC, but the impact could lead to unauthorized token transfers. If an attacker successfully exploits this race condition, they could drain tokens from the contract or manipulate the swap process. It also depends on the specific ERC20 token implementations used with the adapter. If the tokens allow changing allowances without resetting to zero, the risk is HIGH. Given the prevalence of such tokens and the common use of the Uniswap V2 protocol, the likelihood of exploitation is somewhat moderate.
Recommendations
Modify the UniswapV2Adapter.sol to reset the allowance to zero before setting a new allowance. This ensures any existing allowance is invalidated before a new one is set, preventing potential race conditions.
Implementing this would align the contract with best practices for ERC20 token interactions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.