code-423n4 / 2021-07-spartan-findings


DAO approval amount too high for token #157

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

Vulnerability Details

The DAO.handleTransferIn function approves the Router with a value of iBEP20(_token).totalSupply(), but only needs _amount.

Impact

For safety, the approval should only be set to the lowest amount required.

Recommended Mitigation Steps

Only approve _amount instead of the total token supply.
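The over-approval pattern the finding describes beside the recommended exact-amount version, as an added illustration that is not the Spartan code (the `IBEP20` interface, `DaoExample` contract and `router` field are assumed names; Spartan's `iBEP20` and the real `DAO.handleTransferIn` body are not reproduced here):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal BEP20/ERC20 surface used by this example (assumed, not Spartan's iBEP20).
interface IBEP20 {
    function totalSupply() external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract DaoExample {
    address public immutable router; // protocol Router (assumed field name)

    constructor(address _router) {
        router = _router;
    }

    // Pattern described in the finding: a standing allowance of totalSupply()
    // lets the Router pull not only this deposit but any `_token` balance the
    // DAO holds or later receives, until that allowance is spent down.
    function handleTransferInOverApprove(address _token, uint256 _amount) external {
        require(IBEP20(_token).transferFrom(msg.sender, address(this), _amount), "transferFrom failed");
        require(IBEP20(_token).approve(router, IBEP20(_token).totalSupply()), "approve failed");
    }

    // Mitigation from the finding: approve exactly the amount this call moves.
    // The reset to 0 first is a caveat for tokens (e.g. USDT-style) that revert
    // when a non-zero allowance is changed to another non-zero value.
    function handleTransferInExact(address _token, uint256 _amount) external {
        require(IBEP20(_token).transferFrom(msg.sender, address(this), _amount), "transferFrom failed");
        require(IBEP20(_token).approve(router, 0), "approve reset failed");
        require(IBEP20(_token).approve(router, _amount), "approve failed");
    }
}
```

The trade-off raised in the thread is visible here: the exact-amount version writes the allowance slot on every deposit, while the max-approval version pays that cost once and then leaves a permanent allowance that any future Router bug or upgrade could draw on.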

verifyfirst commented 3 years ago

This is by design to reduce gas price. Router is a part of the protocol and thus can be approved max.

ghoul-sol commented 3 years ago

Best practice, non-critical.