code-423n4 / 2022-01-trader-joe-findings


Mint approval can be done on another contract #259

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

samruna

Vulnerability details

Impact

Token approval can be done from another contract. This can lead to a drain of gas fees from the contract which is used to approve.

Proof of Concept

const tokenAddress = (await deployments.get("ERC20Token")).address;
const token = await ethers.getContractAt("ERC20Token", tokenAddress);

const factoryAddress = (await deployments.get("RocketJoeFactory")).address;
const factory = await ethers.getContractAt(
  "RocketJoeFactory",
  factoryAddress
);

const tokenAmount = ethers.utils.parseEther("105");

await token.mint(deployer, tokenAmount);
await token.approve(factoryAddress, tokenAmount);

In the above step, if we replace "factoryAddress" with another contract address, which can be a test or actual token address, minting does not happen but the gas fee is used.

Tools Used

VS Code, Rinkeby test network

Recommended Mitigation Steps

cryptofish7 commented 2 years ago

I don't see the vulnerability here, nor do I agree with the severity (assets are not at risk).

dmvt commented 2 years ago

This is invalid. A deployer cannot by definition steal from themselves.