uN2RVw5q
commented
3 years ago Duplicate of https://github.com/code-423n4/2021-09-yaxis-findings/issues/63
Implemented and merged: https://github.com/code-423n4/2021-09-yaxis/pull/13
Closed code423n4 closed 2 years ago
uN2RVw5q
commented
3 years ago Duplicate of https://github.com/code-423n4/2021-09-yaxis-findings/issues/63
Implemented and merged: https://github.com/code-423n4/2021-09-yaxis/pull/13
GalloDaSballo
commented
2 years ago Duplicate of #63
Handle
0xsanson
Vulnerability details
Impact
In
BaseStrategy.approveForSpenderthere's a_token.safeApprove(_spender, _amount)call. This call will revert if the allowance is already different from zero.Proof of Concept
Openzeppelin's SafeERC20: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L53
Tools Used
editor
Recommended Mitigation Steps
Add a
_token.safeApprove(_spender, 0)first.