code-423n4 / 2022-01-openleverage-findings


OLEToken ERC20 missing increase/decreaseAllowance #249

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

sirhashalot

Vulnerability details

Impact

Many ERC20 tokens use the OpenZeppelin ERC20 library. The OLEToken.sol contract does not. The OpenZeppelin ERC20 library includes the non-standard increaseAllowance and decreaseAllowance functions to mitigate the allowance double-spend issue that exists if these functions are not available. While this frontrunning attack vector is not the most common, removing a solution to the problem means users have no good options to protect against this risk.

Proof of Concept

The OLEToken.sol ERC20 contract only implements the minimum requirements for an ERC20 token. It does not implement the non-standard increaseAllowance and decreaseAllowance functions, which provide a safer way to adjust a user's allowance.

Recommended Mitigation Steps

Add the non-standard increaseAllowance and decreaseAllowance functions from the OpenZeppelin ERC20 library to OLEToken.sol to mitigate the allowance double-spend issue.
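To show why the recommendation matters, here is an added Python model of the allowance race (example code written for this page, not OLEToken.sol and not OpenZeppelin's implementation): the owner lowers a spender's allowance from 100 to 50 while the spender's transferFrom for the old 100 is mined first. With a plain approve the spender ends up moving 150 tokens; with decreaseAllowance the reduction reverts and the spender is capped at the original 100.

```python
class AllowanceError(Exception):
    """Stands in for a reverted transaction."""


class Token:
    """Constructed allowance bookkeeping model for this example (not OLEToken.sol)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, amount):
        # Standard ERC20 approve: overwrites the old value regardless of what it was.
        self.allowances[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, added):
        # Relative update in the OpenZeppelin style: builds on the current value.
        self.allowances[(owner, spender)] = self.allowance(owner, spender) + added

    def decrease_allowance(self, owner, spender, subtracted):
        # Relative update: reverts if the allowance was already consumed.
        current = self.allowance(owner, spender)
        if current < subtracted:
            raise AllowanceError("decreased allowance below zero")
        self.allowances[(owner, spender)] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        if self.allowance(owner, spender) < amount or self.balances.get(owner, 0) < amount:
            raise AllowanceError("insufficient allowance or balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def spent_after_reduction(use_decrease_allowance):
    """Owner lowers the spender's allowance 100 -> 50 while the spender's
    transferFrom for the old 100 lands first. Returns the spender's final balance."""
    token = Token({"owner": 1000})
    token.approve("owner", "spender", 100)
    token.transfer_from("spender", "owner", "spender", 100)  # spender's tx mined first
    try:
        if use_decrease_allowance:
            token.decrease_allowance("owner", "spender", 50)  # reverts: nothing left to reduce
        else:
            token.approve("owner", "spender", 50)  # silently grants a fresh 50
    except AllowanceError:
        pass
    remaining = token.allowance("owner", "spender")
    if remaining:
        token.transfer_from("spender", "owner", "spender", remaining)
    return token.balances["spender"]
```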

ColaM12 commented 2 years ago

Duplicate of #87