Handle
shw
Vulnerability details
Impact
The _approve functions of the pool LP tokens and synths do nothing if the _allowances is already the maximum number, i.e., type(uint256).max. Therefore, Alice cannot change her allowance to Bob once she approved him with the maximum approval.
Proof of Concept
Referenced code: Pool.sol#L99 Synth.sol#L93
Recommended Mitigation Steps
Consider removing the _allowances[owner][spender] < type(uint256).max condition of _approve to allow users to reset their allowance to others even if it is the maximum.
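The guarded and unguarded forms of the allowance write, side by side, as an added sketch that is not the code in Pool.sol or Synth.sol. The contract name and the functions approveGuarded, approveFixed and demo are hypothetical; only the `_allowances[owner][spender] < type(uint256).max` condition comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed sketch: allowance bookkeeping only, no balances or transfers.
contract ApproveSketch {
    mapping(address => mapping(address => uint256)) private _allowances;
    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowances[owner][spender];
    }

    // Behaviour described in the finding: the write is skipped once the stored
    // allowance equals type(uint256).max, so approving 0 afterwards returns
    // true but leaves the unlimited approval in place and emits no event.
    function approveGuarded(address spender, uint256 amount) external returns (bool) {
        require(spender != address(0), "!spender");
        if (_allowances[msg.sender][spender] < type(uint256).max) {
            _allowances[msg.sender][spender] = amount;
            emit Approval(msg.sender, spender, amount);
        }
        return true;
    }

    // Recommended form: always overwrite, so a maximum allowance can be
    // lowered or revoked like any other value.
    function approveFixed(address spender, uint256 amount) external returns (bool) {
        require(spender != address(0), "!spender");
        _allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Self-check with this contract acting as the owner (external self-calls
    // make msg.sender == address(this)). Returns (type(uint256).max, 0):
    // the guarded revoke is ignored, the unguarded revoke takes effect.
    function demo(address spender) external returns (uint256 afterGuarded, uint256 afterFixed) {
        this.approveGuarded(spender, type(uint256).max);
        this.approveGuarded(spender, 0); // revoke attempt, silently a no-op
        afterGuarded = _allowances[address(this)][spender];
        this.approveFixed(spender, 0);   // revoke attempt, applied
        afterFixed = _allowances[address(this)][spender];
    }
}
```

A regression test for the mitigation can assert the same two values: after a maximum approval followed by an approval of 0, allowance(owner, spender) must read 0.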