Open code423n4 opened 2 years ago
Low
Race condition in approve()
Impact
In the Vcon contract, using approve() to manage allowances opens yourself and users of the token up to frontrunning.
https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit#heading=h.b32yfk54vyg9
Proof of Concept
https://github.com/code-423n4/2022-03-volt/blob/main/contracts/vcon/Vcon.sol#L174-L189
Tools Used
None
Recommended Mitigation Steps
Add increaseAllowance and decreaseAllowance methods to the Vcon contract.
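A sketch of the recommended mitigation, added here as an illustration and not taken from the Vcon source or the original report. The contract name `AllowanceLedger`, the `uint256` storage layout and the revert strings are assumptions in the style of OpenZeppelin's ERC20; the real contract may store allowances differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a minimal allowance ledger, not the Vcon contract.
// Names and storage layout are assumptions (OpenZeppelin ERC20 style).
contract AllowanceLedger {
    mapping(address => mapping(address => uint256)) private _allowances;

    event Approval(address indexed owner, address indexed spender, uint256 amount);

    function allowance(address owner, address spender) external view returns (uint256) {
        return _allowances[owner][spender];
    }

    // Absolute setter: overwrites whatever is left. If a transferFrom that
    // uses the old allowance is mined before this call, the old amount has
    // already been spent and the new amount is then granted in full.
    function approve(address spender, uint256 amount) external returns (bool) {
        _approve(msg.sender, spender, amount);
        return true;
    }

    // Relative setter: the owner states the change, not the final value,
    // so a spend mined first is not followed by a fresh full grant.
    function increaseAllowance(address spender, uint256 addedValue) external returns (bool) {
        _approve(msg.sender, spender, _allowances[msg.sender][spender] + addedValue);
        return true;
    }

    // Reverts when the remaining allowance is smaller than the reduction,
    // which tells the owner that part of it was spent in the meantime.
    function decreaseAllowance(address spender, uint256 subtractedValue) external returns (bool) {
        uint256 current = _allowances[msg.sender][spender];
        require(current >= subtractedValue, "decreased allowance below zero");
        _approve(msg.sender, spender, current - subtractedValue);
        return true;
    }

    function _approve(address owner, address spender, uint256 amount) private {
        require(spender != address(0), "approve to the zero address");
        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }
}
```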