code-423n4 / 2021-08-notional-findings

Router calls to `nTokenAction.nTokenTransferApprove` fail #64

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The Router forwards `nTokenTransferApprove` calls to the `nTokenAction` implementation. However, these always fail due to the `msg.sender == nTokenAddress` check.

Recommended Mitigation Steps

This call failing seems to be the intended behavior, but it shouldn't even be forwarded in the Router. Remove `sig == nTokenAction.nTokenTransferApprove.selector` from the `getRouterImplementation`, as it indicates that this is a valid function call.

jeffywu commented 3 years ago

Calling `approve` on the nToken will forward the call to the Router, which will then delegate call to the `nTokenTransferApprove` method. This is the intended functionality and will pass the require statement because the delegate call does not change the `msg.sender`.
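
The call path discussed in this thread, as an added Solidity example that is not part of the original issue and is not Notional's code. The contract names `ActionImpl`, `Router`, `NToken`, the function `transferApprove`, and the storage layout are all hypothetical and simplified; only the `msg.sender == nTokenAddress` check and the use of delegatecall come from the thread.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every contract and function name here is hypothetical.
contract ActionImpl {
    // Same storage layout as Router: this code runs in the Router's context.
    address public nTokenAddress;
    mapping(address => mapping(address => uint256)) public allowance;

    function transferApprove(address owner, address spender, uint256 amount)
        external returns (bool) {
        // Under delegatecall, msg.sender is still whoever called the Router.
        require(msg.sender == nTokenAddress, "Unauthorized caller");
        allowance[owner][spender] = amount;
        return true;
    }
}

contract Router {
    address public nTokenAddress;                                      // slot 0
    mapping(address => mapping(address => uint256)) public allowance;  // slot 1
    address public immutable impl;  // immutables take no storage slot

    constructor(address impl_) { impl = impl_; }

    // One-time wiring for the example.
    function setNToken(address token) external {
        require(nTokenAddress == address(0), "already set");
        nTokenAddress = token;
    }

    // Forward unknown selectors; delegatecall keeps msg.sender and storage.
    fallback() external {
        (bool ok, bytes memory ret) = impl.delegatecall(msg.data);
        assembly {
            switch ok
            case 0 { revert(add(ret, 32), mload(ret)) }
            default { return(add(ret, 32), mload(ret)) }
        }
    }
}

contract NToken {
    address public immutable router;
    constructor(address router_) { router = router_; }
    // ERC20-style entry point: the token itself calls the Router.
    function approve(address spender, uint256 amount) external returns (bool) {
        return ActionImpl(router).transferApprove(msg.sender, spender, amount);
    }
}
```

With this wiring, `NToken.approve` succeeds because the Router's frame has `msg.sender == NToken` and the delegatecall leaves it unchanged, while any other account calling `transferApprove` on the Router directly hits the `require` and reverts.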