code-423n4 / 2022-06-badger-findings


Approval must be set to zero and after that increased to the amount you need. #61

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L65
https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L67
https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L68

Vulnerability details

Impact

Approval must be set to zero and after that increased to the amount you need. Some of the tokens such as USDT require that. Please read more information here: https://adrianhetman.com/unboxing-erc20-approve-issues

Affected code:

  1. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L65
  2. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L67
  3. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L68

Proof of Concept

Tools Used

Recommended Mitigation Steps


GalloDaSballo commented 2 years ago

Not on initialization, which means the approval is already 0

Disputed
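
The approve behaviour discussed in the finding and the reply, as an added Solidity example that is not code from the vested-aura repository: `ZeroFirstToken` is a constructed mock that only mimics the USDT-style "reset to zero first" rule, and `ApprovalDemo` with its `approveDirect`, `approveSafe` and `walkthrough` functions are hypothetical names. It shows why a first approval from a zero allowance (the initializer case) succeeds directly, while a later re-approval to a new non-zero amount needs the zero-then-amount sequence on such tokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical token mimicking the USDT approve() rule described above:
// a non-zero allowance may only be changed to zero, not directly to
// another non-zero value. Constructed for this example; not USDT's code.
contract ZeroFirstToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        require(
            value == 0 || allowance[msg.sender][spender] == 0,
            "allowance must be reset to zero before a new non-zero value"
        );
        allowance[msg.sender][spender] = value;
        return true;
    }
}

interface IToken {
    function approve(address spender, uint256 value) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical strategy wrapper demonstrating both approval styles.
contract ApprovalDemo {
    // Direct approve: fine while the current allowance is 0 (e.g. the first
    // call in an initializer); reverts on ZeroFirstToken once it is non-zero.
    function approveDirect(IToken token, address spender, uint256 amount) public {
        require(token.approve(spender, amount), "approve failed");
    }

    // Defensive approve: clear a non-zero allowance first, then set the new one.
    function approveSafe(IToken token, address spender, uint256 amount) public {
        if (token.allowance(address(this), spender) != 0) {
            require(token.approve(spender, 0), "reset to zero failed");
        }
        require(token.approve(spender, amount), "approve failed");
    }

    // Walk-through: the first grant works either way; a later change succeeds only via approveSafe.
    function walkthrough(address spender) external returns (uint256) {
        ZeroFirstToken token = new ZeroFirstToken();
        approveDirect(IToken(address(token)), spender, 100); // allowance 0 -> 100: succeeds
        approveSafe(IToken(address(token)), spender, 200);   // 100 -> 0 -> 200: succeeds
        // approveDirect(IToken(address(token)), spender, 300); // 200 -> 300 would revert here
        return token.allowance(address(this), spender);      // final allowance for spender
    }
}
```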