kingyetifinance
commented
2 years ago @LilYeti : Check exists for owner to be 0 address. https://github.com/code-423n4/2021-12-yetifinance/blob/main/packages/contracts/contracts/YETI/sYETIToken.sol#L161
Closed code423n4 closed 2 years ago
kingyetifinance
commented
2 years ago @LilYeti : Check exists for owner to be 0 address. https://github.com/code-423n4/2021-12-yetifinance/blob/main/packages/contracts/contracts/YETI/sYETIToken.sol#L161
alcueca
commented
2 years ago Dispute accepted.
Handle
0x1f8b
Vulnerability details
Impact
Approve burned tokens from
YETIToken.Proof of Concept
The method
permitinYETITokendoesn't check that the address is address(0), this is the default value when the method fail, so with a wrong call, it's possible to call_approvewithowner=address(0)andspender=attacker. If there are tokens burned, you will have an allowance with all of these tokens. This could be an evidence of funds for external contracts or dapps.Tools Used
Manual review.
Recommended Mitigation Steps
Check that
recoveredAddressis not empty.