Closed code423n4 closed 2 years ago
Duplicate of #154
Closed as duplicate of https://github.com/code-423n4/2022-06-connext-findings/issues/154
No explanation on how bridge transfers are impacted (potentially locking funds), hence I'll downgrade this to QA
Merging with #263.
Lines of code
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/libraries/AssetLogic.sol#L347
Vulnerability details
Impact
Transaction reverting.
Proof of Concept
"SafeERC20: approve from non-zero to non-zero allowance"): https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L53-L56
Affected Code
Recommended Mitigation Steps
Set the allowance to zero immediately before the existing safeApprove() call.
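
The revert and the recommended mitigation side by side, as an added example that is not code from the Connext repository or from this report. It assumes OpenZeppelin Contracts 4.x, where SafeERC20.safeApprove() still exists; the contract ApproveExample, the interface IPartialSpender and its pull() function are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x (safeApprove() is present in that line).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical spender that may pull less than the amount it was approved for,
// which leaves a non-zero allowance behind.
interface IPartialSpender {
    function pull(IERC20 token, uint256 maxAmount) external;
}

// Hypothetical contract used only to illustrate the pattern.
contract ApproveExample {
    using SafeERC20 for IERC20;

    // Before: if a previous call left any allowance unspent, safeApprove()
    // sees allowance != 0 and value != 0 and reverts with
    // "SafeERC20: approve from non-zero to non-zero allowance".
    function spendUnsafe(IERC20 token, IPartialSpender spender, uint256 amount) external {
        token.safeApprove(address(spender), amount);
        spender.pull(token, amount);
    }

    // After: reset the allowance to zero first. safeApprove() accepts a zero
    // value unconditionally, so the following non-zero approval always starts
    // from a zero allowance and passes the library's check.
    function spendSafe(IERC20 token, IPartialSpender spender, uint256 amount) external {
        token.safeApprove(address(spender), 0);
        token.safeApprove(address(spender), amount);
        spender.pull(token, amount);
    }
}
```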