Platform: Code4rena
Start Date: 30/11/2021
Pot Size: $100,000 USDC
Total HM: 15
Participants: 36
Period: 7 days
Judge: 0xean
Total Solo HM: 4
Id: 62
League: ETH
Rank: 29/36
Findings: 1
Award: $440.58
π Selected for report: 1
π Solo Findings: 0
π Selected for report: egjlmn1
Also found by: WatchPug, itsmeSTYJ, toastedsteaksandwich
440.5795 USDC - $440.58
egjlmn1
a user can steal another user's tokens if he frontrun before he changes the allowance.
The approve() function receives an amount to change to.
Lets say user A approved user B to take N tokens, and now he wants to change from N to M, if he calls approve(M) the attacker can frontrun, take the N tokens, wait until after the approve transaction, and take another M tokens. And taking N tokens more than the user wanted.
Manual code review
Change the approve function to either accept the old amount of allowance and require the current allowance to be equal to that, or change to two different functions that increase and decrease the allowance instead of straight on changing it.
#0 - 0xean
2022-01-14T22:46:57Z
Front running of the approve ERC20 function is pretty well documented and this point and there are some good ways to mitigate this risk. I am going to downgrade to Medium since there are some other requirements for this to actual mean that assets have been lost
2 β Med: Assets not at direct risk, but the function of the protocol or its availability could be impacted, or leak value with a hypothetical attack path with stated assumptions, but external requirements.