code-423n4 / 2021-04-vader-findings

1 stars 0 forks source link

Transaction-Order-Dependence race condition for Vader token approve() #151

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

ERC20 approve() is susceptible to allowance double-spend due to front-running. This is the classic ERC20 approve() race condition where a malicious spender can double-spend allowance (old and new allowance) by front-running the owner’s approve() call that aims to change the allowance.

For reference, see https://swcregistry.io/docs/SWC-114.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Vader.sol#L95-L99

Tools Used

Manual Analysis

Recommended Mitigation Steps

Use increaseAllowance() and decreaseAllowance() instead of approve().

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/71

dmvt commented 3 years ago

duplicate of #35