0xstormtrooper
commented
2 years ago Open Zeppelin 4.3.2 ERC20 implements increaseAllowance and decreaseAllowance
SafeERC20 is not needed
Closed code423n4 closed 2 years ago
0xstormtrooper
commented
2 years ago Open Zeppelin 4.3.2 ERC20 implements increaseAllowance and decreaseAllowance
SafeERC20 is not needed
Handle
cccz
Vulnerability details
Impact
Vader and USDV contracts use OZ’s ERC20 library, and ERC20 library uses approve() to manage allowances, which may lead to frontrunning attacks.
https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit#heading=h.b32yfk54vyg9
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/main/contracts/tokens/Vader.sol#L27 https://github.com/code-423n4/2021-12-vader/blob/main/contracts/tokens/USDV.sol#L17
Tools Used
Manual analysis
Recommended Mitigation Steps
Using SafeERC20 library