Handle
paulius.eth
Vulnerability details
Impact
Function approveTransferERC20 is vulnerable to the sandwich attack. Similar to the ERC20 approve issue described here: https://blog.smartdec.net/erc20-approve-issue-in-simple-words-a41aaf47bca6 A malicious delegate can scout for an approveTransferERC20 change and sandwich that (delegatedTransferERC20 amount A, approveTransferERC20 amount A->B, delegatedTransferERC20 amount B). It is more of a theoretical issue and mostly depends on the honesty of the delegators. If we can assume that delegators are trustable actors, then this is very unlikely to happen.
Recommended Mitigation Steps
Possible mitigation could be to replace approveTransferERC20 with increasing/decreasing functions.
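The following is an added illustration, not code from the report or from the audited contract: a small in-memory Python model comparing a set-style approval change with the increase/decrease style recommended above. The `Vault` class, its method names and the amounts are assumptions made up for this example, and it covers both lowering and raising the limit.

```python
# Constructed model for illustration only; names and amounts are hypothetical
# and do not reproduce the audited contract.
class Vault:
    def __init__(self, balance):
        self.balance = balance
        self.allowance = {}  # delegate -> remaining approved amount

    def approve(self, delegate, amount):
        # Set-style change: overwrites the allowance, ignoring what was spent.
        self.allowance[delegate] = amount

    def increase_approval(self, delegate, delta):
        self.allowance[delegate] = self.allowance.get(delegate, 0) + delta

    def decrease_approval(self, delegate, delta):
        # Relative change, clamped at zero.
        self.allowance[delegate] = max(0, self.allowance.get(delegate, 0) - delta)

    def delegated_transfer(self, delegate, amount):
        if amount > self.allowance.get(delegate, 0) or amount > self.balance:
            return False
        self.allowance[delegate] -= amount
        self.balance -= amount
        return True


def total_withdrawn(change_style, a=100, b=60):
    """Owner changes the delegate's limit from a to b, but the delegate's
    transfer of a is ordered ahead of that change. Returns what the delegate
    ends up withdrawing in total."""
    v = Vault(balance=1000)
    v.approve("delegate", a)
    taken = a if v.delegated_transfer("delegate", a) else 0
    if change_style == "set":
        v.approve("delegate", b)
    elif b >= a:
        v.increase_approval("delegate", b - a)
    else:
        v.decrease_approval("delegate", a - b)
    rest = v.allowance["delegate"]  # whatever the change left available
    if v.delegated_transfer("delegate", rest):
        taken += rest
    return taken


if __name__ == "__main__":
    for style in ("set", "relative"):
        print(style, total_withdrawn(style), total_withdrawn(style, 100, 150))
```

With the set-style change the delegate's total is A + B; with relative changes it is bounded by max(A, B), which is the larger of the two limits the owner actually authorized.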