Closed code423n4 closed 2 years ago
Duplicate of #185 #6 #235
stakeFor will transferFrom, which uses the entire allowance. In lack of a demonstration of a revert, considering that this is the code powering Convex and Aura Finance, am marking this invalid.
Lines of code
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/Booster.sol#L373-L376
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L158-L164
Vulnerability details
Impact
OpenZeppelin’s implementation of safeApprove won't work if the approved amount is not set to 0, so the logic will fail if the code doesn't set it to 0 first. Both VeToken and VE3Token use OpenZeppelin’s ERC20 implementation, and VeAssetDepositor and Booster call safeApprove() of those tokens multiple times and deposit() function.
Proof of Concept
This is where VeAssetDepositor and Booster call safeApprove:
which doesn't set it to 0 first, so that logic (deposit()) will be broken if the current approve value isn't 0.
Tools Used
VIM
Recommended Mitigation Steps
Set the approved amount to 0 first.
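Added example, not part of the original issue or the project's code: a minimal Python model of the non-zero-to-non-zero check in OpenZeppelin's SafeERC20.safeApprove. It shows that a repeated approve only reverts when the spender leaves part of the allowance unspent, and that resetting to 0 first avoids the revert. The class, function and account names are hypothetical.

```python
class Revert(Exception):
    """Stands in for an EVM revert."""

class Token:
    """Toy ERC20 tracking only balances and allowances (constructed model)."""
    def __init__(self):
        self.balance = {}
        self.allowance = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, value):
        self.allowance[(owner, spender)] = value

    def transfer_from(self, spender, owner, to, value):
        key = (owner, spender)
        if self.allowance.get(key, 0) < value or self.balance.get(owner, 0) < value:
            raise Revert("insufficient allowance or balance")
        self.allowance[key] -= value
        self.balance[owner] -= value
        self.balance[to] = self.balance.get(to, 0) + value

def safe_approve(token, owner, spender, value):
    # Mirrors the require() in SafeERC20.safeApprove:
    # allowed only if value == 0 or the current allowance == 0.
    if value != 0 and token.allowance.get((owner, spender), 0) != 0:
        raise Revert("SafeERC20: approve from non-zero to non-zero allowance")
    token.approve(owner, spender, value)

def deposit_twice(pulled, reset_first=False):
    """Approve 100 twice; after each approve the spender pulls `pulled` tokens.
    Returns "ok" or the revert reason."""
    token = Token()
    token.balance["depositor"] = 1_000  # constructed starting balance
    try:
        for _ in range(2):
            if reset_first:
                safe_approve(token, "depositor", "staking", 0)
            safe_approve(token, "depositor", "staking", 100)
            token.transfer_from("staking", "depositor", "staking", pulled)
    except Revert as exc:
        return str(exc)
    return "ok"

if __name__ == "__main__":
    print(deposit_twice(100))                   # full allowance consumed each time
    print(deposit_twice(50))                    # 50 left over before second approve
    print(deposit_twice(50, reset_first=True))  # allowance reset to 0 first
```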