code-423n4 / 2021-04-vader-findings


Allowance not checked when calling transferFrom #249

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

a_delamo

Vulnerability details

Here you have more information: https://gist.github.com/alexon1234/1e1cdb16d364e7381aaba038afedc2f5

strictly-scarce commented 3 years ago

Not valid.

It's subtle, but

_approve(sender, msg.sender, _allowances[sender][msg.sender] - amount);

contains the operation _allowances[sender][msg.sender] - amount, which will revert if there is no allowance in excess of amount, since the new v0.8 Solidity contains built-in SafeMath.

dmvt commented 3 years ago

While it is true that the transaction will revert, it will do so without a clear error message.
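
The two behaviours discussed above, side by side, as an added example that is not part of the original thread and is not the Vader contract's code. The contract name, function names, sample supply and revert strings are assumptions; only the `_approve(...)` subtraction line is taken from the comment above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token for illustration only.
contract AllowanceDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) private _allowances;

    constructor() {
        balanceOf[msg.sender] = 1000; // constructed sample supply
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        _approve(msg.sender, spender, amount);
        return true;
    }

    // Implicit check: relies on Solidity >=0.8 checked arithmetic.
    // If allowance < amount the subtraction reverts with Panic(0x11)
    // (arithmetic overflow/underflow) and carries no reason string.
    // The earlier _transfer is rolled back with the rest of the call.
    function transferFromImplicit(address sender, address recipient, uint256 amount) external returns (bool) {
        _transfer(sender, recipient, amount);
        _approve(sender, msg.sender, _allowances[sender][msg.sender] - amount);
        return true;
    }

    // Explicit check: same security outcome, but the revert is an
    // Error(string) that wallets, explorers and tests can display.
    function transferFromExplicit(address sender, address recipient, uint256 amount) external returns (bool) {
        uint256 current = _allowances[sender][msg.sender];
        require(current >= amount, "transfer amount exceeds allowance");
        _transfer(sender, recipient, amount);
        _approve(sender, msg.sender, current - amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(balanceOf[from] >= amount, "transfer amount exceeds balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }

    function _approve(address owner, address spender, uint256 amount) internal {
        _allowances[owner][spender] = amount;
    }
}
```

Under a compiler older than 0.8, or inside an `unchecked` block, the implicit variant would wrap instead of reverting, which is why the pragma matters when reviewing this pattern.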

dmvt commented 3 years ago

Duplicate of #20