Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

### **Unrestricted Re-Approval Exploit (Front-Running Attack on `approve`)

usengo

Summary

The contract is vulnerable to an Unrestricted Re-Approval Exploit . This occurs when a spender (attacker) can front-run the owner's approve transaction to continuously drain their balance.

Vulnerability Details

The vulnerability exploits a fundamental flaw in the approve() mechanism, where an attacker can front-run approval transactions to drain the victim’s funds repeatedly.

The approve() function allows an owner to authorize a spender to use their tokens. However, it does not enforce any restrictions on re-approvals, making it susceptible to a front-running attack.

function approve(address spender, uint256 amount) external returns (bool);
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);

Impact

This vulnerability allows an attacker to continuously drain a victim’s token balance by exploiting the unsafe approve() mechanism.

Tools Used

Ran unit tests to simulate and confirm the exploit scenario.

Recommendations

Implement EIP-2612 (Permit), which allows token approvals via signed messages instead of transactions:

bytes32 structHash = keccak256(
abi.encode(
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"),
owner, spender, value, _nonces[owner]++, deadline
)
);
bytes32 digest = keccak256(
abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash)
);
address signer = ecrecover(digest, v, r, s);
require(signer == owner, "Invalid signature");
allowances[owner][spender] = value;
emit Approval(owner, spender, value);}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.