code-423n4 / 2021-07-spartan-findings


`Approval` event not emitted if the allowance is the maximum #231

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

According to the BEP20 specification, the `Approval` event:

> MUST trigger on any successful call to `approve(address _spender, uint256 _value)`.

However, the implementation of pool LP tokens and synths does not emit the `Approval` event when the allowance is the maximum number, i.e., `type(uint256).max`.

Proof of Concept

Referenced code: Pool.sol#L101, Synth.sol#L95

Recommended Mitigation Steps

Emit the `Approval` event whenever the `approve` call succeeds, even if the allowance does not change.
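The reported behaviour beside the recommended mitigation, as an added Solidity example that is not part of the original issue and is not the Spartan Protocol source. The contract names, the `!spender` check and the assumption that the skip is keyed on the stored allowance already being `type(uint256).max` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not the Spartan Protocol code. All names are hypothetical.
abstract contract AllowanceBase {
    mapping(address => mapping(address => uint256)) internal _allowances;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowances[owner][spender];
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        _approve(msg.sender, spender, amount);
        return true; // the call succeeds on every non-reverting path below
    }

    function _approve(address owner, address spender, uint256 amount) internal virtual;
}

// Assumed shape of the reported behaviour: the storage write and the event
// share one branch, which is skipped once the stored allowance is the maximum.
contract SkipsEventAtMax is AllowanceBase {
    function _approve(address owner, address spender, uint256 amount) internal override {
        require(spender != address(0), "!spender");
        if (_allowances[owner][spender] < type(uint256).max) {
            _allowances[owner][spender] = amount;
            emit Approval(owner, spender, amount);
        }
        // else: approve() still returns true, but no Approval is logged
    }
}

// Recommended mitigation: keep the write conditional, emit unconditionally.
contract EmitsAlways is AllowanceBase {
    function _approve(address owner, address spender, uint256 amount) internal override {
        require(spender != address(0), "!spender");
        if (_allowances[owner][spender] < type(uint256).max) {
            _allowances[owner][spender] = amount;
        }
        // Log the allowance actually in storage so indexers and wallets that
        // rebuild allowances from events stay consistent with on-chain state.
        emit Approval(owner, spender, _allowances[owner][spender]);
    }
}
```

Emitting the stored allowance rather than the requested `amount` is a design choice made for this example; it keeps the event truthful when the maximum allowance is left unchanged.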

SamusElderg commented 3 years ago

Duplicate of #29

ghoul-sol commented 3 years ago

I'll keep this one as low risk rather than invalid since it touches an event part of the issue. See #153