code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details

The latest Vether contract does not emit the Approval event on transferFrom. It should if the approval changed.

Off-chain scripts cannot keep track of the correct approvals and might suggest wrong approvals for the frontend.

Emit the Approval event when the approval is decreased in transferFrom.

strictly-scarce commented 3 years ago

Vether not applicable

dmvt commented 3 years ago

duplicate of #250