casper-ecosystem / cep18

Implementation of ERC20 token for the CasperLabs platform.
https://casper.network/docs/dapp-dev-guide
Apache License 2.0

Add Increase/Decrease allowance to prevent sandwich attacks #59

Closed davidtai closed 1 year ago

davidtai commented 1 year ago

This note from our security audit was never pushed back to the Casper Labs ERC20: https://github.com/Rengo-Labs/CasperLabs-Crates/blob/6e2e449d11c097df318e6660667dc85c8bc12aae/casper_erc20_new/src/lib.rs#L207 https://github.com/Rengo-Labs/CasperLabs-Crates/blob/6e2e449d11c097df318e6660667dc85c8bc12aae/casper_erc20_new/src/lib.rs#L223

Per QSP-7 https://certificate.quantstamp.com/full/rengo-labs
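As an added illustration (not code from cep18 or from the audit), the ordering behind QSP-7 modelled in plain Rust: the same call sequence is run against an overwrite-style `approve` and against the relative `decrease_allowance` the issue asks for. The in-memory ledger and the names `alice`/`bob` are constructed for the example.

```rust
use std::collections::HashMap;
/// In-memory stand-in for the token's allowance storage (a model, not the crate's code).
#[derive(Default)]
pub struct Token {
    allowances: HashMap<(String, String), u64>,
}
impl Token {
    pub fn allowance(&self, owner: &str, spender: &str) -> u64 {
        self.allowances.get(&(owner.to_string(), spender.to_string())).copied().unwrap_or(0)
    }
    fn set(&mut self, owner: &str, spender: &str, v: u64) {
        self.allowances.insert((owner.to_string(), spender.to_string()), v);
    }
    /// Classic ERC20 approve: overwrites whatever allowance is currently stored.
    pub fn approve(&mut self, o: &str, s: &str, amount: u64) { self.set(o, s, amount); }
    /// Relative update: the result depends on what is actually left, not on what the owner remembers.
    pub fn increase_allowance(&mut self, owner: &str, spender: &str, delta: u64) {
        let cur = self.allowance(owner, spender);
        self.set(owner, spender, cur.saturating_add(delta));
    }
    pub fn decrease_allowance(&mut self, owner: &str, spender: &str, delta: u64) {
        let cur = self.allowance(owner, spender);
        self.set(owner, spender, cur.saturating_sub(delta));
    }
    /// Spender draws on the allowance; fails without side effects if it is insufficient.
    pub fn transfer_from(&mut self, owner: &str, spender: &str, amount: u64) -> Result<(), &'static str> {
        let cur = self.allowance(owner, spender);
        if cur < amount { return Err("insufficient allowance"); }
        self.set(owner, spender, cur - amount);
        Ok(())
    }
}
/// `alice` granted `bob` 100 and now wants him to have only 50, but bob's transfer_from is
/// ordered before her update. Returns the total bob was able to move under each API.
pub fn total_spent(use_decrease: bool) -> u64 {
    let mut t = Token::default();
    t.approve("alice", "bob", 100);
    let mut spent = 0;
    if t.transfer_from("alice", "bob", 100).is_ok() { spent += 100; } // lands first
    if use_decrease {
        t.decrease_allowance("alice", "bob", 50); // 0 -> 0: nothing new is granted
    } else {
        t.approve("alice", "bob", 50);            // 0 -> 50: a fresh 50 appears
    }
    if t.transfer_from("alice", "bob", 50).is_ok() { spent += 50; }
    spent
}
```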

RitaMAllenCA commented 1 year ago

@deuszex reach out, get details, confirm vulnerability and follow up with Karan

RitaMAllenCA commented 1 year ago

Spoke with David Tai about the sandwich attack thingy. Turns out it's "just" a double spend attack; their resolution is breaking the API, so no immediate solution from me, but it will be addressed in the "rework".