Part 2

Summary

Using approve directly in contracts like UniswapV3Adapter and CurveAdapter exposes the system to risks such as front-running attacks, excessive authorization, and undetected failures. Modifying approval amounts without resetting them to zero allows attackers to exploit existing approvals, while relying on approve without checking return values may result in unnoticed failures.

Vulnerability Details

The direct use of approve in the CreditDelegationBranch, FeeDistributionBranch, VaultRouterBranch, UniswapV3Adapter, UniswapV2Adapter, and CurveAdapter contracts introduces security risks, including front-running attacks, cumulative authorization risks, and issues related to the handling of return values. The current practice of modifying the approval amount without first resetting it to zero can allow attackers to exploit existing approvals before new ones take effect. Additionally, relying on approve without checking for the success of the operation could lead to undetected failures in certain token implementations.

For example:

src/market-making/branches/CreditDelegationBranch.sol:rebalanceVaultsAssets#L662

src/market-making/branches/FeeDistributionBranch.sol:convertAccumulatedFeesToWeth#L195

src/utils/dex-adapters/CurveAdapter.sol:executeSwapExactInputSingle#L84

src/market-making/branches/VaultRouterBranch.sol:deposit#L354

src/utils/dex-adapters/UniswapV2Adapter.sol:executeSwapExactInput#L114

src/utils/dex-adapters/UniswapV3Adapter.sol:executeSwapExactInputSingle#L92

Impact

1. Front-running Attack Risk: If a spender's approval is modified (e.g., reducing the approved amount from 100 to 50) without first resetting it to zero, attackers can use the original approval amount before the new transaction is confirmed, allowing them to access more funds than intended.

2. Authorization Accumulation Risk: New approvals overwrite previous ones. If the previous authorization hasn't been fully used, this can unintentionally grant higher approval amounts, leading to excessive or unintentional access to funds.

3. Return Value Handling Issue: Some tokens return false instead of reverting on failure. If the approve function doesn't properly handle this return value, failures may go unnoticed and result in unexpected behavior.

Tools Used

Manual Code Review

Recommendations

It is recommended to use safeIncreaseAllowance and safeDecreaseAllowance to prevent front-running and cumulative risks for increasing approval amounts. If approve must be used, reset the approval amount to zero before setting a new value to prevent accumulation risks. However, note that this approach is vulnerable to atomicity issues,so it is less preferred.