In ZlpVault::updateAssetAllowance, ERC20 token approvals are set without first resetting the existing allowance to 0. This causes a DoS with tokens like USDT, which the contract explicitly allows.
ZlpVault::updateAssetAllowance:
Failure to set appropriate approvals can have severe impacts on several parts of the logic, including the liquidation logic. Therefore, the impact should be rated high.
Manual Review
Use OpenZeppelin's safeApprove or modify the code to first reset the allowance to 0 and then set a new allowance like:
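The reset-to-zero pattern described above, as an added sketch that is not the report's or the project's own code. The contract names, function names and signatures are assumptions, and the token is a constructed mock that models only the rule that a non-zero allowance cannot be changed directly to another non-zero value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock: approve() reverts when a non-zero allowance is changed
// to another non-zero value. Real USDT's approve() also returns no value;
// this mock returns bool to keep the sketch short.
contract MockZeroFirstToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        require(
            amount == 0 || allowance[msg.sender][spender] == 0,
            "reset allowance to 0 first"
        );
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

// Hypothetical stand-in for the vault's allowance update logic.
contract AllowanceUpdaterSketch {
    // Before: the first call succeeds, but any later call with a non-zero
    // amount reverts while the old allowance is still non-zero.
    function updateAllowanceDirect(
        MockZeroFirstToken token,
        address spender,
        uint256 amount
    ) external {
        require(token.approve(spender, amount), "approve failed");
    }

    // After: clear any existing allowance, then set the new value.
    function updateAllowanceZeroFirst(
        MockZeroFirstToken token,
        address spender,
        uint256 amount
    ) external {
        if (token.allowance(address(this), spender) != 0) {
            require(token.approve(spender, 0), "reset failed");
        }
        if (amount != 0) {
            require(token.approve(spender, amount), "approve failed");
        }
    }
}
```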