code-423n4 / 2021-05-visorfinance-findings


sandwich approveTransferERC20 #10

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

function approveTransferERC20 is vulnerable to the sandwich attack. Similar to the ERC20 approve issue described here: https://blog.smartdec.net/erc20-approve-issue-in-simple-words-a41aaf47bca6. A malicious delegate can scout for an approveTransferERC20 change and sandwich it (delegatedTransferERC20 amount A, approveTransferERC20 amount A->B, delegatedTransferERC20 amount B). It is more of a theoretical issue and mostly depends on the honesty of the delegators. If we can assume that delegators are trustable actors, then this is very unlikely to happen.

Recommended Mitigation Steps

Possible mitigation could be to replace approveTransferERC20 with increasing/decreasing functions.
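A minimal model of the ordering described in the finding and of the increase/decrease mitigation, added here as an example (not Visor Finance's code; the function signatures, the in-memory vault and the clamp-to-zero decrease are assumptions):

```python
# Added example, not the project's contract: models an owner-managed
# allowance for a delegate as plain integers. Names follow the finding;
# signatures and the clamp-to-zero decrease are modelling assumptions.
class Vault:
    def __init__(self, balance):
        self.balance = balance
        self.allowance = {}    # delegate -> remaining allowance
        self.transferred = {}  # delegate -> total spent

    # Vulnerable pattern: overwrite the allowance with an absolute value.
    def approveTransferERC20(self, delegate, amount):
        self.allowance[delegate] = amount

    # Mitigation: adjust relative to the current value, so a spend that
    # landed before the owner's change is already reflected.
    def increaseApproval(self, delegate, delta):
        self.allowance[delegate] = self.allowance.get(delegate, 0) + delta

    def decreaseApproval(self, delegate, delta):
        current = self.allowance.get(delegate, 0)
        self.allowance[delegate] = max(current - delta, 0)  # clamp assumed

    def delegatedTransferERC20(self, delegate, amount):
        """Delegate spends from its allowance; False if it cannot."""
        if self.allowance.get(delegate, 0) < amount or self.balance < amount:
            return False
        self.allowance[delegate] -= amount
        self.balance -= amount
        self.transferred[delegate] = self.transferred.get(delegate, 0) + amount
        return True


def sandwich_with_approve(a, b):
    """Owner lowers the allowance from A to B by overwriting it."""
    v = Vault(balance=a + b)
    v.approveTransferERC20("delegate", a)
    v.delegatedTransferERC20("delegate", a)   # delegate's tx mined first
    v.approveTransferERC20("delegate", b)     # owner's change lands
    v.delegatedTransferERC20("delegate", b)   # delegate spends again
    return v.transferred["delegate"]          # A + B, not B


def sandwich_with_decrease(a, b):
    """Same ordering, but the owner lowers A to B via decreaseApproval."""
    v = Vault(balance=a + b)
    v.approveTransferERC20("delegate", a)
    v.delegatedTransferERC20("delegate", a)
    v.decreaseApproval("delegate", a - b)     # allowance is 0, stays 0
    v.delegatedTransferERC20("delegate", b)   # nothing left to spend
    return v.transferred["delegate"]          # A only
```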

ghost commented 3 years ago

sponsor acknowledged

We will consider a refactor.

ztcrypto commented 3 years ago

This is skipped for now.