0xleastwood
commented
2 years ago approveUnderlying() is called by setNewWeights(), so its necessary that it approves the zero amount beforehand as certain USDT-like tokens require this.
Closed code423n4 closed 2 years ago
0xleastwood
commented
2 years ago approveUnderlying() is called by setNewWeights(), so its necessary that it approves the zero amount beforehand as certain USDT-like tokens require this.
Handle
neslinesli93
Vulnerability details
Impact
The
approveUnderlyingfunction callssafeApprovetwice: once with0, and finally withtype(uint256).max. The first call wastes gas since the function is called only during basket initialization, thus the allowance attack does not apply hereProof of Concept
https://github.com/code-423n4/2021-12-defiprotocol/blob/main/contracts/contracts/Basket.sol#L276
Recommended Mitigation Steps
Remove first call to
safeApprove