merklejerk
commented
1 year ago This is pointing to solmate's ERC20 contract, which is out of scope. We also never deploy this contract because we don't mint any ERC20s.
Closed code423n4 closed 1 year ago
merklejerk
commented
1 year ago This is pointing to solmate's ERC20 contract, which is out of scope. We also never deploy this contract because we don't mint any ERC20s.
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/vendor/solmate/ERC20.sol#L14
Vulnerability details
Proof of concept
The problem is perfectly described here https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit
The tldr; is that if you approved a person to spend 100 tokens and then you want to decrease his allowance to 50, if he spends his 100 tokens allowance before you set his allowance to 50 he will be able to spend 50 more. This results in him being able to spend 150 tokens instead of your desired 50 allowance.
Impact
This can lead to much more token amount being transferred from a user’s wallet than what he wants, since if he is decreasing the allowance he would want less tokens to be spent from his wallet, but this way actually more tokens could be spent.
Recommendation
Add OpenZeppelin’s increaseAllowance and decreaseAllowance functionality to
ERC20.sol.