Platform: Code4rena
Start Date: 21/07/2023
Pot Size: $90,500 USDC
Total HM: 8
Participants: 60
Period: 7 days
Judge: 0xean
Total Solo HM: 2
Id: 264
League: ETH
Rank: 24/60
Findings: 1
Award: $471.90
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Juntao
Also found by: Jiamin, Juntao, UniversalCrypto, auditsea, circlelooper, crunch, lanrebayode77, vangrim, zaevlad
471.8972 USDC - $471.90
Should not reduce gscAllowance[token] when CORE_VOTING_ROLE user trys to decrease token allowance, transaction may fail otherwise.
Function gscApprove(address token, address spender, uint256 amount) can be called by CORE_VOTING_ROLE user to approve token to some other addresses.
When approve, gscAllowance[token] is reduced:
gscAllowance[token] -= amount;
If CORE_VOTING_ROLE user gives full allowance to an address and then wants to decrease the approved allowance a little bit, transaction will fail due to math error as there is no gscAllowance[token] left.
Manual Review
It's recommended not to reduce gscAllowance[token] when CORE_VOTING_ROLE user trys to decrease token allowance
Access Control
#0 - c4-pre-sort
2023-07-30T12:14:29Z
141345 marked the issue as duplicate of #263
#1 - c4-pre-sort
2023-08-01T07:42:41Z
141345 marked the issue as not a duplicate
#2 - c4-pre-sort
2023-08-01T07:42:48Z
141345 marked the issue as duplicate of #58
#3 - c4-judge
2023-08-10T14:42:48Z
0xean changed the severity to 2 (Med Risk)
#4 - c4-judge
2023-08-11T01:40:44Z
0xean marked the issue as satisfactory