code-423n4 / 2021-04-maple-findings

Allowance Double-Spend Exploit #89

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details

The Pool.deposit function and the LPs are vulnerable to the allowance double-spend exploit.

Impact

The approver might spend both the old and the new allowance instead of just the new allowance.

Recommended Mitigation Steps

Consider the risk and use functions that increase/decrease the allowance relative to its current value, such as increaseAllowance() and decreaseAllowance().
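The ordering problem behind this finding, and the effect of the recommended relative functions, as an added example (not part of the original report and not Maple's contract code). It is a Python model of an ERC-20-style allowance ledger; the `Token` class, `total_drawn`, the account names and the amounts are constructed for illustration, with `increase_allowance`/`decrease_allowance` standing in for `increaseAllowance()`/`decreaseAllowance()`.

```python
# Constructed model; names are assumptions, not Maple's contract code.
class Token:
    """Minimal ERC-20-style ledger: balances plus owner -> spender allowances."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, amount):
        # Absolute set: overwrites whatever is left of the old allowance.
        self.allowances[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, added):
        self.allowances[(owner, spender)] = self.allowance(owner, spender) + added

    def decrease_allowance(self, owner, spender, subtracted):
        current = self.allowance(owner, spender)
        if subtracted > current:
            raise ValueError("allowance below zero")  # models a revert
        self.allowances[(owner, spender)] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        if amount > self.allowance(owner, spender) or amount > self.balances.get(owner, 0):
            raise ValueError("insufficient allowance or balance")
        self.allowances[(owner, spender)] = self.allowance(owner, spender) - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def total_drawn(relative, old=100, new=50):
    """Owner lowers the allowance old -> new, but a transfer_from for the full
    old amount is ordered first. Returns how much the spender ends up drawing."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", old)
    t.transfer_from("spender", "owner", "spender", old)  # lands before the change
    try:
        if relative:
            t.decrease_allowance("owner", "spender", old - new)
        else:
            t.approve("owner", "spender", new)
    except ValueError:
        pass  # relative change reverted: nothing is left to decrease
    remaining = t.allowance("owner", "spender")
    if remaining:
        t.transfer_from("spender", "owner", "spender", remaining)
    return t.balances["spender"]
```

With the absolute `approve` the spender draws the old and the new allowance (150 in this model); with the relative decrease the change reverts and the total stays at the old allowance (100).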

lucas-manuel commented 3 years ago

Informational, won't address