Not all IERC20 implementations revert() when there's a failure in approve(). The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually approving anything
Lines of code
321, 215, 184, 450, 761, 217, 157, 234, 339, 386, 76, 106, 107, 108, 172, 174, 79, 80, 81, 143, 144, 80, 134, 135, 94, 151, 153
Vulnerability details
Not all
IERC20
implementationsrevert()
when there's a failure inapprove()
. The function signature has aboolean
return value and they indicate errors that way instead. By not checking the return value, operations that should have marked as failed, may potentially go through without actually approving anythingAssessed type
other