code-423n4 / 2022-04-dualityfocus-findings


UniV3LpVault flash loans can become unavailable if a user didn't utilize the full limit #46

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-dualityfocus/blob/main/contracts/vault_and_oracles/UniV3LpVault.sol#L418

Vulnerability details

Impact

If a user didn't utilize the whole amount on the first call, the flashFocusCall can fail for second and subsequent runs when params.asset is a token that uses approval race protection.

Placing severity to medium as flashFocusCall reverts in this case, and the flash loan functionality becomes unavailable for the user.

Proof of Concept

flashFocusCall approves flashLoan for a positive owedBack amount:

https://github.com/code-423n4/2022-04-dualityfocus/blob/main/contracts/vault_and_oracles/UniV3LpVault.sol#L418

params.asset can be an arbitrary ERC20 token, while some tokens do not allow an approval of a positive value if the allowance is already positive:

https://github.com/d-xo/weird-erc20#approval-race-protections

Recommended Mitigation Steps

Consider adding a zero-amount approval before the actual amount approval, i.e. guarantee that the allowance is zero.
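
The failure mode and the zero-first approval described in this report, as an added Solidity example that is not part of the original report or the audited code base. `RaceProtectedToken`, `PartialPuller` and `ApproveDemo` are hypothetical contracts constructed for illustration, and the amounts 100 and 60 are made up.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed token: rejects changing a non-zero allowance to another non-zero value.
contract RaceProtectedToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        require(amount == 0 || allowance[msg.sender][spender] == 0, "reset allowance to 0 first");
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Stand-in for transferFrom: only the allowance bookkeeping, balances omitted.
    function spendAllowance(address owner, uint256 amount) external {
        allowance[owner][msg.sender] -= amount;
    }
}

// Hypothetical lender that takes back less than it was approved for.
contract PartialPuller {
    function pull(RaceProtectedToken token, address from, uint256 amount) external {
        token.spendAllowance(from, amount);
    }
}

// Hypothetical caller standing in for the approving contract.
contract ApproveDemo {
    RaceProtectedToken public token = new RaceProtectedToken();
    PartialPuller public puller = new PartialPuller();

    // Approves 100, lender pulls 60 (40 left over); true if the next direct approval reverts.
    function directApprovalFailsSecondTime() external returns (bool reverted) {
        token.approve(address(puller), 0); // start from a zero allowance
        token.approve(address(puller), 100);
        puller.pull(token, address(this), 60);
        try token.approve(address(puller), 100) returns (bool) {
            reverted = false;
        } catch {
            reverted = true; // leftover allowance of 40 blocks the new approval
        }
    }

    // Recommended pattern: reset to zero, then approve the actual amount.
    function approveWithReset(uint256 owedBack) external {
        token.approve(address(puller), 0);
        token.approve(address(puller), owedBack);
    }
}
```

Calling `approveWithReset` after `directApprovalFailsSecondTime` succeeds regardless of the leftover allowance, because the token always accepts an approval of zero.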

0xdramaone commented 2 years ago

Good find, agreed that we should do approve 0 calls here.

kismet108 commented 2 years ago

Duplicate of #39