code-423n4 / 2022-01-dev-test-repo-findings


Return values of `approve()` not checked #362

Open code423n4 opened 7 months ago

code423n4 commented 7 months ago

Lines of code

321, 215, 184, 450, 761, 217, 157, 234, 339, 386, 76, 106, 107, 108, 172, 174, 79, 80, 81, 143, 144, 80, 134, 135, 94, 151, 153

Vulnerability details

Not all IERC20 implementations revert() when there is a failure in approve(). The function signature has a boolean return value, and those implementations indicate errors that way instead. By not checking the return value, operations that should have been marked as failed may go through without actually approving anything.

File: contracts/Balancer.sol

321:         erc20.approve(address(router), _amount);
File: contracts/tOFT/modules/BaseTOFTLeverageModule.sol

215:         IERC20(erc20).approve(externalData.swapper, amount);
File: contracts/tOFT/modules/BaseTOFTStrategyModule.sol

184:         _erc20.approve(address(yieldBox), _amount);
File: contracts/markets/bigBang/BigBang.sol

450:             asset.approve(address(yieldBox), totalFees);

761:         asset.approve(address(yieldBox), amount);
File: contracts/usd0/modules/USDOLeverageModule.sol

217:         IERC20(swapData.tokenOut).approve(externalData.tOft, amountOut);
File: contracts/Magnetar/modules/MagnetarMarketModule.sol

157              IERC20(collateralAddress).approve(
158                  address(yieldBox),
159                  collateralAmount
160:             );

234:             IERC20(assetAddress).approve(address(yieldBox), depositAmount);

339                  IERC20(bbCollateralAddress).approve(
340                      address(yieldBox),
341                      mintData.collateralDepositData.amount
342:                 );

386              IERC20(sglAssetAddress).approve(
387                  address(yieldBox),
388                  depositData.amount
389:             );
File: contracts/aave/AaveStrategy.sol

76:          rewardToken.approve(_multiSwapper, type(uint256).max);
File: contracts/convex/ConvexTricryptoStrategy.sol

106:         lpToken.approve(_lpGetter, type(uint256).max);

107:         lpToken.approve(_booster, type(uint256).max);

108:         rewardToken.approve(_multiSwapper, type(uint256).max);

172:         rewardToken.approve(address(swapper), 0);

174:         rewardToken.approve(_swapper, type(uint256).max);
File: contracts/curve/TricryptoLPStrategy.sol

79:          lpToken.approve(_lpGauge, type(uint256).max);

80:          lpToken.approve(_lpGetter, type(uint256).max);

81:          rewardToken.approve(_multiSwapper, type(uint256).max);

143:         rewardToken.approve(address(swapper), 0);

144:         rewardToken.approve(_swapper, type(uint256).max);
File: contracts/curve/TricryptoNativeStrategy.sol

80:          rewardToken.approve(_multiSwapper, type(uint256).max);

134:         rewardToken.approve(address(swapper), 0);

135:         rewardToken.approve(_swapper, type(uint256).max);
File: contracts/stargate/StargateStrategy.sol

94:          stgTokenReward.approve(_swapper, type(uint256).max);

151:         stgTokenReward.approve(address(swapper), 0);

153:         stgTokenReward.approve(_swapper, type(uint256).max);
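As an added illustration (not code from this finding or from the audited repository): a constructed token that reports failure through its return value, the unchecked call pattern seen in the listing above, and a checked wrapper in the style of OpenZeppelin's SafeERC20 that reverts on a `false` return while still tolerating tokens whose approve() returns no data. All contract and function names here are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

/// Constructed test token: signals failure with `false` instead of reverting.
contract FalseReturningToken is IERC20 {
    mapping(address => mapping(address => uint256)) public allowance;
    bool public immutable failApprovals;

    constructor(bool _failApprovals) { failApprovals = _failApprovals; }

    function approve(address spender, uint256 amount) external override returns (bool) {
        if (failApprovals) return false;     // no revert, allowance left untouched
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

/// Before: the pattern from the finding. A `false` return is silently dropped,
/// so execution continues with an allowance that may still be zero.
contract UncheckedApprover {
    function grant(IERC20 token, address spender, uint256 amount) external {
        token.approve(spender, amount);
    }
}

/// After: low-level call so that both return styles are handled.
/// - call reverted            -> ok == false          -> revert
/// - returned `false`         -> decodes to false     -> revert
/// - returned nothing (legacy) -> ret.length == 0     -> accepted
library SafeApprove {
    function safeApprove(IERC20 token, address spender, uint256 amount) internal {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.approve.selector, spender, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}

contract CheckedApprover {
    using SafeApprove for IERC20;

    function grant(IERC20 token, address spender, uint256 amount) external {
        token.safeApprove(spender, amount);  // reverts for FalseReturningToken(true)
    }
}
```

Calling `UncheckedApprover.grant` with a `FalseReturningToken(true)` succeeds yet leaves the allowance at zero, whereas `CheckedApprover.grant` reverts with "approve failed", which is the behaviour the finding asks for.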

Assessed type

other