Arcade.xyz - zaevlad's results

The first of its kind Web3 platform to enable liquid lending markets for NFTs.

General Information

Platform: Code4rena

Start Date: 21/07/2023

Pot Size: $90,500 USDC

Total HM: 8

Participants: 60

Period: 7 days

Judge: 0xean

Total Solo HM: 2

Id: 264

League: ETH

Arcade.xyz

Findings Distribution

Researcher Performance

Rank: 23/60

Findings: 1

Award: $471.90

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Juntao

Also found by: Jiamin, Juntao, UniversalCrypto, auditsea, circlelooper, crunch, lanrebayode77, vangrim, zaevlad

Labels

bug
2 (Med Risk)
satisfactory
duplicate-58

Awards

471.8972 USDC - $471.90

External Links

Lines of code

https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ArcadeTreasury.sol#L117
https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ArcadeTreasury.sol#L198
https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ArcadeTreasury.sol#L303

Vulnerability details

Impact

The GSC cannot revoke an ERC20 approval once it has been issued to the wrong address. Recovering from the mistake costs the GSC the allowance already consumed by that approval and, because the admin can only reset the allowance once per cool-down period, up to 7 days of waiting.

Proof of Concept

Contract admin can set an allowance for GSC one time per 7 days:

    uint48 public constant SET_ALLOWANCE_COOL_DOWN = 7 days;

    function setGSCAllowance(address token, uint256 newAllowance) external onlyRole(ADMIN_ROLE) {
        ...
        if (uint48(block.timestamp) < lastAllowanceSet[token] + SET_ALLOWANCE_COOL_DOWN) {
            revert T_CoolDownPeriod(block.timestamp, lastAllowanceSet[token] + SET_ALLOWANCE_COOL_DOWN);
        }
        ...
        lastAllowanceSet[token] = uint48(block.timestamp);
        gscAllowance[token] = newAllowance;
    }

The new allowance also cannot exceed the token's small spend threshold (thresholds.small). Suppose, for example, the admin grants the GSC an allowance of 1000 tokens.

The GSC can spend that allowance directly via gscSpend() or let another address pull tokens via gscApprove(). Both functions deduct the requested amount from the GSC allowance at the time of the call.

If the GSC issues an approval to an invalid or wrong address, there is no function to revoke it or reset it to zero. The "bad user" keeps a live ERC20 approval on the treasury for as long as it remains unspent.

The GSC also cannot recover and re-route those tokens itself: the allowance was already reduced by the approved amount, so the full amount is no longer available to gscSpend() or to a second gscApprove().

Finally, the GSC must wait until the 7-day cool-down has elapsed before the admin is able to set a fresh allowance.
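To make the failure mode concrete, the following is an added, self-contained model of the allowance mechanics described above, not code from the Arcade.xyz repository. It keeps the shape of the page's setGSCAllowance snippet, reproduces the one-way gscApprove() that debits the GSC budget and grants an ERC20 approval with no way back, and then adds the missing revocation path. The contract name MockTreasury, the gscRevoke function, the smallThreshold mapping standing in for thresholds.small, and the plain admin/gsc addresses used instead of roles are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal ERC20 surface used below.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Illustrative model only (not ArcadeTreasury). Names not on the page are assumptions:
// MockTreasury, gscRevoke, smallThreshold, and plain admin/gsc addresses in place of roles.
contract MockTreasury {
    uint48 public constant SET_ALLOWANCE_COOL_DOWN = 7 days;

    address public immutable admin;
    address public immutable gsc;

    mapping(address => uint256) public gscAllowance;
    mapping(address => uint48) public lastAllowanceSet;
    mapping(address => uint256) public smallThreshold; // stands in for thresholds[token].small

    error T_CoolDownPeriod(uint256 currentTime, uint256 coolDownEnd);
    error T_InvalidAllowance(uint256 allowance, uint256 threshold);
    error T_InsufficientAllowance(uint256 requested, uint256 available);
    error T_Unauthorized();

    constructor(address _admin, address _gsc) {
        admin = _admin;
        gsc = _gsc;
    }

    modifier onlyAdmin() { if (msg.sender != admin) revert T_Unauthorized(); _; }
    modifier onlyGSC()   { if (msg.sender != gsc)   revert T_Unauthorized(); _; }

    function setThreshold(address token, uint256 small) external onlyAdmin {
        smallThreshold[token] = small;
    }

    // Same shape as the page's snippet: settable once per 7 days, bounded by the small threshold.
    function setGSCAllowance(address token, uint256 newAllowance) external onlyAdmin {
        uint256 coolDownEnd = lastAllowanceSet[token] + SET_ALLOWANCE_COOL_DOWN;
        if (uint48(block.timestamp) < coolDownEnd) {
            revert T_CoolDownPeriod(block.timestamp, coolDownEnd);
        }
        if (newAllowance > smallThreshold[token]) {
            revert T_InvalidAllowance(newAllowance, smallThreshold[token]);
        }
        lastAllowanceSet[token] = uint48(block.timestamp);
        gscAllowance[token] = newAllowance;
    }

    // The behaviour the finding describes: the GSC budget is debited and the ERC20
    // approval is granted in one step. A typo in `spender` is permanent from here.
    function gscApprove(address token, address spender, uint256 amount) external onlyGSC {
        if (amount > gscAllowance[token]) {
            revert T_InsufficientAllowance(amount, gscAllowance[token]);
        }
        gscAllowance[token] -= amount;
        require(IERC20(token).approve(spender, amount), "approve failed");
    }

    // Added mitigation (assumed name): zero the approval and credit back whatever the
    // spender has not yet pulled, capped so the budget can never exceed the threshold.
    function gscRevoke(address token, address spender) external onlyGSC returns (uint256 restored) {
        uint256 unspent = IERC20(token).allowance(address(this), spender);
        require(IERC20(token).approve(spender, 0), "approve failed");

        uint256 current = gscAllowance[token];
        uint256 cap = smallThreshold[token];
        uint256 room = current >= cap ? 0 : cap - current; // threshold may have been lowered since
        restored = unspent < room ? unspent : room;
        gscAllowance[token] += restored;
    }
}
```

Two practical notes on the revocation path. First, the approve-to-zero call is the part that actually protects the treasury; crediting the unspent amount back to gscAllowance is a policy choice, and the cap against the small threshold keeps the refund from silently raising the GSC budget past what the admin is allowed to grant. Second, revocation is only as good as the block it lands in: a malicious spender who sees the gscRevoke transaction in the mempool can front-run it with transferFrom() for the remaining approval, so the GSC should treat revocation as damage limitation, not as a guarantee that the tokens are recoverable.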

Tools Used

Manual review

Recommended Mitigation Steps

Provide an additional GSC-only function that sets a previously granted ERC20 approval back to zero for a given token and spender, so that a mistaken gscApprove() can be undone without waiting for the admin's 7-day cool-down.

Assessed type

Governance

#0 - c4-pre-sort

2023-07-29T16:38:35Z

141345 marked the issue as duplicate of #263

#1 - c4-pre-sort

2023-08-01T07:57:19Z

141345 marked the issue as not a duplicate

#2 - c4-pre-sort

2023-08-01T07:57:30Z

141345 marked the issue as duplicate of #58

#3 - c4-judge

2023-08-11T01:40:42Z

0xean marked the issue as satisfactory
