Handle
cmichel
Vulnerability Details
The Synth.approveAndCall function approves the recipient contract with the max value instead of only the required amount.
Impact
For safety, the approval should not be set to the max value, especially if the amount that the contract may use is already known in this call, as is the case for approveAndCall.
Recommended Mitigation Steps
Only approve amount.
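The two approval styles side by side, as an added sketch that is not the audited project's code: ExampleToken, IApprovalReceiver, receiveApproval and approveAndCallMax are hypothetical names chosen for illustration, and the callback signature is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical callback interface for this sketch (an assumption, not the audited code).
interface IApprovalReceiver {
    function receiveApproval(address owner, uint256 amount, address token, bytes calldata data) external;
}

// Minimal allowance bookkeeping, just enough to compare the two approval styles.
contract ExampleToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function _approve(address owner, address spender, uint256 value) internal {
        allowance[owner][spender] = value;
        emit Approval(owner, spender, value);
    }

    // Pattern described in the finding: the recipient keeps an unlimited allowance
    // after the call, although the caller only meant to let it use `amount`.
    function approveAndCallMax(address recipient, uint256 amount, bytes calldata data) external {
        _approve(msg.sender, recipient, type(uint256).max);
        IApprovalReceiver(recipient).receiveApproval(msg.sender, amount, address(this), data);
    }

    // Recommended form: the allowance is bounded by the amount known in this call.
    function approveAndCall(address recipient, uint256 amount, bytes calldata data) external {
        _approve(msg.sender, recipient, amount);
        IApprovalReceiver(recipient).receiveApproval(msg.sender, amount, address(this), data);
    }

    // Standard allowance check: with the bounded approval, any pull above `amount` reverts here.
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= value, "allowance exceeded");
        if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - value;
        balanceOf[from] -= value; // reverts on underflow in Solidity >= 0.8
        balanceOf[to] += value;
        return true;
    }
}
```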