Handle
@cmichelio
Vulnerability Details
The Pool.deposit function and the LPs are vulnerable to the allowance double-spend exploit.
Impact
The approver might spend both the old and the new allowance instead of just the new allowance.
Recommended Mitigation Steps
Consider the risk and use functions that increase/decrease the allowance relative to its current value, such as increaseAllowance() and decreaseAllowance().
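The following is an added illustration, not code from this report or from the audited project. It is a small Python model of ERC-20 allowance bookkeeping that compares an absolute approve() with a relative decreaseAllowance() when a transfer of the old allowance is ordered before the change. The account names, amounts, snake_case method names and the revert-on-underflow behaviour of the decrease are assumptions of the model.

```python
# Minimal in-memory model of ERC-20 allowance bookkeeping (constructed for
# illustration; not the audited Pool or LP token code).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Overwrites the allowance regardless of how much was already spent.
        self.allowances[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, added):
        key = (owner, spender)
        self.allowances[key] = self.allowances.get(key, 0) + added

    def decrease_allowance(self, owner, spender, subtracted):
        current = self.allowances.get((owner, spender), 0)
        if subtracted > current:
            # Assumption: modelled as a revert, nothing changes.
            raise ValueError("decreased allowance below zero")
        self.allowances[(owner, spender)] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        if self.allowances.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient allowance or balance")
        self.allowances[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def total_spent(lower_allowance):
    """Owner lowers a 100-token allowance to 50, but a transfer of the old
    100 is ordered first. Returns the total pulled from the owner."""
    t = Token({"owner": 1000})  # constructed sample balance
    t.approve("owner", "spender", 100)
    t.transfer_from("spender", "owner", "spender", 100)  # lands before the change
    for step in (lower_allowance,
                 lambda tok: tok.transfer_from("spender", "owner", "spender", 50)):
        try:
            step(t)
        except ValueError:
            pass  # reverted transaction: state is unchanged
    return t.balances["spender"]


absolute = total_spent(lambda t: t.approve("owner", "spender", 50))
relative = total_spent(lambda t: t.decrease_allowance("owner", "spender", 50))
print(f"approve(50): {absolute} pulled; decreaseAllowance(50): {relative} pulled")
```

With the absolute overwrite the owner ends up exposed to old plus new allowance; with the relative change the exposure stays bounded by the original allowance.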