Platform: Code4rena
Start Date: 07/06/2022
Pot Size: $75,000 USDC
Total HM: 11
Participants: 77
Period: 7 days
Judge: gzeon
Total Solo HM: 7
Id: 124
League: ETH
Rank: 58/77
Findings: 1
Award: $88.16
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: berndartmueller
Also found by: 0x1f8b, 0x29A, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkatana, 0xmint, Bronicle, Chom, Cityscape, Deivitto, Funen, GimelSec, GreyArt, IllIllI, JC, Lambda, Meera, Nethermind, Picodes, PierrickGT, Ruhum, Sm4rty, Tadashi, TerrierLover, TomJ, Trumpero, Waze, _Adam, antonttc, ayeslick, c3phas, catchup, cccz, cloudjunky, cryptphi, csanuragjain, delfin454000, dipp, ellahi, fatherOfBlocks, hake, hansfriese, hyh, joestakey, jonah1005, kenzo, minhquanym, oyc_109, sach1r0, saian, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, z3s, zzzitron
88.1603 USDC - $88.16
approve(0) when minting an fCash position from NotionalTradeModule.sol
NotionalTradeModule.sol#L493-L505
The _approve function in NotionalTradeModule.sol calls the SetToken's invoke function, which calls approve for the sendToken if the allowance of the wrapped fCash position is less than the maxAssetAmount. If the sendToken is an ERC token with a non-standard approve function, such as USDT, then the approval might fail if the allowance of the fCash is more than 0 but less than _maxAssetAmount.
Consider calling the _sendToken's approve function to set the allowance of the fCash position to 0 before approving to _maxAssetAmount.
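The failure mode and the suggested reset, shown as an added Solidity example that is not code from NotionalTradeModule.sol or from the original report. UsdtLikeToken, Holder and both Holder function names are hypothetical; the mock's approve rule models the USDT behaviour (no return value, and a change from one non-zero allowance to another is rejected).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed mock of a USDT-style token: approve() returns nothing and
// rejects changing a non-zero allowance to another non-zero value.
contract UsdtLikeToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}

// Minimal interface matching the mock above (no bool return from approve).
interface IApproveNoReturn {
    function approve(address spender, uint256 value) external;
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical holder standing in for the contract that owns the tokens.
contract Holder {
    // Same shape as the pattern in the finding: approve only when the
    // current allowance is below the required amount.
    // Reverts for a USDT-style token when 0 < allowance < maxAmount.
    function approveDirect(IApproveNoReturn token, address spender, uint256 maxAmount) external {
        if (token.allowance(address(this), spender) < maxAmount) {
            token.approve(spender, maxAmount);
        }
    }

    // Mitigation from the finding: set the allowance to 0 before raising it.
    function approveWithReset(IApproveNoReturn token, address spender, uint256 maxAmount) external {
        uint256 current = token.allowance(address(this), spender);
        if (current < maxAmount) {
            if (current != 0) {
                token.approve(spender, 0); // clear the leftover allowance first
            }
            token.approve(spender, maxAmount);
        }
    }
}
```

Calling approveDirect with 100 and then with 200 against UsdtLikeToken reverts on the second call, while the same sequence through approveWithReset succeeds.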
To ensure that necessary variable addresses aren't set to the zero-address, consider adding zero-address checks for all addresses supplied as input to the constructors.