search

code-423n4 / 2021-09-defiprotocol-findings

1 stars 0 forks source link

Max approvals are risky if contract is malicious/compromised
 #191

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

Maximum approvals are widely considered as unsafe if the approved contract becomes compromised/malicious.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L226

Tools Used

Manual Analysis

Recommended Mitigation Steps

Consider redesigning for approvals on specific amounts.

GalloDaSballo commented 2 years ago

Given the lack of a specific attack vector am downgrading to non-critical