DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Code Improvement Report - GmxProxy.sol (Improper Use of safeApprove)

Summary

Inside GmxProxy.sol, there is a function createOrder at line 406. The safeApprove function should first be called to approve 0 tokens before approving a new value. This is to prevent issues when changing approvals from one non-zero value to another.

Vulnerability Details

The safeApprove function does not allow changing an approval directly from one non-zero value to another. If this is attempted, it could result in unexpected behavior or failures in token transfers.

Impact

  • Potential Token Loss: If the approval does not reset correctly, it may lead to incorrect token transfers.

  • Unexpected Failures: Some tokens enforce strict rules on approvals, which can cause transactions to fail if not handled properly.

Tools Used

  • Manual Code Review

  • Solidity Static Analysis Tools

Recommendations

Solution: Reset Approval Before Setting New Value

Refactor safeApprove to first approve 0 before setting a new approval.

Updated Code

// Reset any leftover allowance to 0 before setting the new amount.
IERC20(orderData.initialCollateralToken).safeApprove(address(gmxRouter), 0);
IERC20(orderData.initialCollateralToken).safeApprove(address(gmxRouter), orderData.amountIn);

This ensures that the approval process works correctly, preventing unexpected failures or incorrect token transfers.
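Added illustration, not code from the submission or the DeFiFoundry repository: a stripped-down model of the allowance precondition that OpenZeppelin's SafeERC20.safeApprove enforces, with the direct approval placed beside the reset-then-approve pattern. `MockToken`, `ProxyModel` and `router` are constructed stand-ins for the real collateral token, GmxProxy and gmxRouter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock: only the allowance bookkeeping that the finding depends on.
contract MockToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    // The spender (the router stand-in) pulls tokens, reducing its allowance.
    function transferFrom(address from, address, uint256 amount) external returns (bool) {
        require(allowance[from][msg.sender] >= amount, "insufficient allowance");
        allowance[from][msg.sender] -= amount;
        return true;
    }
}

// Stand-in for the proxy; `router` plays the role of gmxRouter (assumed name).
contract ProxyModel {
    MockToken public immutable token;
    address public immutable router;

    constructor(MockToken token_, address router_) {
        token = token_;
        router = router_;
    }

    // Same precondition as OpenZeppelin's SafeERC20.safeApprove (deprecated in v5):
    // the new value must be 0, or the current allowance must already be 0.
    function safeApprove(address spender, uint256 value) internal {
        require(value == 0 || token.allowance(address(this), spender) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance");
        require(token.approve(spender, value), "approve failed");
    }

    // Pattern as reported: reverts only if a previous order left a non-zero
    // allowance that the router never consumed (the judge's open question).
    function approveDirect(uint256 amountIn) external {
        safeApprove(router, amountIn);
    }

    // Recommended pattern: reset to 0 first, so a leftover allowance cannot revert.
    function approveWithReset(uint256 amountIn) external {
        safeApprove(router, 0);
        safeApprove(router, amountIn);
    }
}
```

Calling approveDirect twice without the router spending the allowance in between makes the second call revert, while approveWithReset succeeds; if the router drains the full allowance via transferFrom first, approveDirect also succeeds, which is exactly the condition the judge asks the report to disprove.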

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_safeApprove_no_reset

USDT or other unusual ERC20 tokens: out of scope. For the other reports: No proof that the allowance won't be consumed by the receiver.
