Redundant Token Approval → Unnecessary State Change
Redundant Token Approval → Unnecessary State Change
Description
-
In a flash-loan–based unwind operation, token approvals should be granted only immediately before a protocol interaction that consumes the allowance (e.g.,
repay,supply). Once the action is completed, no additional approvals are required. -
In
_executeUnwindOperation, the contract grants an ERC20 approval to the Aave Pool after all interactions that require the allowance have already completed. This approval is never consumed and has no functional effect, resulting in a redundant state change that increases gas usage and reduces code clarity.ces
Risk
Likelihood:
-
The line is always executed on every successful unwind operations
-
No condition prevents it
Impact:
-
No direct loss of funds
-
Causes unnecessary gas consumption
-
Reduced readability
Proof of Concept
This issue does not result in a practical exploit. However, if you were to remove the line and execute, it will pass all the same.
Recommended Mitigation
Remove the redundant approval to reduce unnecessary state changes:
As a best practice:
-
Grant approvals only immediately before they are consumed
-
Avoid “defensive approvals” without a corresponding action
-
Optional improvement:
Add comments explaining why approvals exist when multiple Aave interactions occur in a single function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.