The Gov contract uses the SafeERC20 library to handle the transfer of tokens that are not compliant with the ERC20 specification. However, in line 300, the approve function is used instead of the safeApprove function. Tokens not compliant with the ERC20 specification could return false from the approve call to indicate the approval fails, while the calling contract would not notice the failure if the return value is not checked.
Use safeApprove instead of approve, which reverts the transaction with a proper error message when the return value of approve is false. A better approach is to use safeIncreaseAllowance instead, which mitigates the multiple withdrawal attack on ERC20 tokens.
Evert0x
commented
3 years ago
Handle
shw
Vulnerability details
Impact
The
Govcontract uses theSafeERC20library to handle the transfer of tokens that are not compliant with the ERC20 specification. However, in line 300, theapprovefunction is used instead of thesafeApprovefunction. Tokens not compliant with the ERC20 specification could returnfalsefrom theapprovecall to indicate the approval fails, while the calling contract would not notice the failure if the return value is not checked.Proof of Concept
Referenced code: Gov.sol#L300
Recommended Mitigation Steps
Use
safeApproveinstead ofapprove, which reverts the transaction with a proper error message when the return value ofapproveisfalse. A better approach is to usesafeIncreaseAllowanceinstead, which mitigates the multiple withdrawal attack on ERC20 tokens.