Closed code423n4 closed 2 years ago
Duplicate of https://github.com/code-423n4/2021-09-yaxis-findings/issues/63
Implemented and merged: https://github.com/code-423n4/2021-09-yaxis/pull/13
Handle
0xsanson

Vulnerability details

Impact
In BaseStrategy.approveForSpender there's a _token.safeApprove(_spender, _amount) call. This call will revert if the allowance is already different from zero.

Proof of Concept
OpenZeppelin's SafeERC20: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L53

Tools Used
editor

Recommended Mitigation Steps
Add a _token.safeApprove(_spender, 0) first.
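
The pattern from the finding beside the recommended mitigation, as an added example that is not code from the yAxis repository or from the reporter. It assumes OpenZeppelin Contracts 4.x (where SafeERC20.safeApprove is available); the contract name and the Before/After function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only. Assumes OpenZeppelin Contracts 4.x, whose
// SafeERC20.safeApprove requires: value == 0 OR current allowance == 0.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract; access control is left out of this sketch,
// a real strategy would restrict who may call these functions.
contract ApproveForSpenderExample {
    using SafeERC20 for IERC20;

    // Pattern described in the finding. The first call for a given
    // (_token, _spender) pair succeeds. Any later call with _amount != 0
    // reverts while the remaining allowance is still non-zero, so the
    // allowance can no longer be raised or lowered to a non-zero value.
    function approveForSpenderBefore(
        IERC20 _token,
        address _spender,
        uint256 _amount
    ) external {
        _token.safeApprove(_spender, _amount);
    }

    // Recommended mitigation: reset the allowance to zero first.
    // safeApprove(_spender, 0) always passes the precondition, and once
    // the allowance is zero the second call passes it for any _amount.
    function approveForSpenderAfter(
        IERC20 _token,
        address _spender,
        uint256 _amount
    ) external {
        _token.safeApprove(_spender, 0);
        _token.safeApprove(_spender, _amount);
    }
}
```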