Platform: Code4rena
Start Date: 13/12/2021
Pot Size: $75,000 USDC
Total HM: 11
Participants: 30
Period: 7 days
Judge: leastwood
Total Solo HM: 4
Id: 68
League: ETH
Rank: 25/30
Findings: 1
Award: $76.03
π Selected for report: 1
π Solo Findings: 0
π Selected for report: sirhashalot
Also found by: GiveMeTestEther, JMukesh, Ruhum, WatchPug, defsec, robee
76.0316 USDC - $76.03
sirhashalot
Multiple files within the contracts/basket/contracts/singleJoinExit/ directory call token.approve() for an ERC20 token, but these calls do not verify whether the approve() call failed. Some ERC20 tokens do not revert if an approval fails, and because the return value is not checked, the contract would not be aware of this failure, potentially causing malfunctions in later operations. Using a function from SafeERC20 that checks the return value would mitigate this edge case.
token.approve() is found in several locations:
Manual analysis
While the OpenZeppelin SafeERC20 safeApprove() function could be used to revert on approve failures unlike the standard approve(), the safeApprove() function is deprecated and instead OpenZeppelin recommends either safeIncreaseAllowance() or safeDecreaseAllowance(). Because uint256(-1) should be an increase, replace each instance of token.approve(spender, uint256(-1)) with token.safeIncreaseAllowance(spender, uint256(-1)).
#0 - loki-sama
2021-12-30T13:32:11Z
In our case safeApprove() would be better as we don't care about front running the approval and safeIncreaseAllowance() would fail when allowance is bigger then 0.