There is an approve function in DolaBorrowingRights. Suppose Alice wants to increase Bob's approval from 10 to 20. Alice calls the approve or permit function. Bob can then front-run the transaction by spending the 10 tokens and getting a new approval for 20. As a result, Bob could spend 30 tokens, instead of the expected 20.
Recommended Mitigation Steps
Add increaseAllowance/decreaseAllowance functions, which would increase/reduce the allowance relative to the current storage value. This will eliminate any front-run attack.
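The scenario above, replayed against a small allowance model; this is an added example, not code from DBR.sol or the project. The `Token` class, its method names, and the account names are assumptions constructed for illustration.

```python
class Token:
    """Minimal ERC-20-style allowance model (constructed; not DBR.sol)."""

    def __init__(self, balances):
        self.balance = dict(balances)
        self.allowance = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Absolute overwrite: ignores whatever the spender already used.
        self.allowance[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, added):
        # Relative change applied to the current storage value.
        key = (owner, spender)
        self.allowance[key] = self.allowance.get(key, 0) + added

    def decrease_allowance(self, owner, spender, subtracted):
        key = (owner, spender)
        current = self.allowance.get(key, 0)
        if subtracted > current:
            raise ValueError("decreased allowance below zero")
        self.allowance[key] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        allowed = self.allowance.get(key, 0)
        if amount > allowed or amount > self.balance.get(owner, 0):
            raise ValueError("insufficient allowance or balance")
        self.allowance[key] = allowed - amount
        self.balance[owner] -= amount
        self.balance[to] = self.balance.get(to, 0) + amount


def bob_total_spend(use_increase):
    """Order Bob's spend ahead of Alice's update, as in the finding."""
    t = Token({"alice": 100})
    t.approve("alice", "bob", 10)               # existing approval of 10
    t.transfer_from("bob", "alice", "bob", 10)  # Bob's tx is mined first
    if use_increase:
        t.increase_allowance("alice", "bob", 10)  # Alice intends 10 -> 20
    else:
        t.approve("alice", "bob", 20)             # Alice overwrites with 20
    remaining = t.allowance[("alice", "bob")]
    t.transfer_from("bob", "alice", "bob", remaining)
    return t.balance["bob"]
```

With the absolute `approve`, Bob ends up with 30 tokens; with the relative increase he ends up with the intended 20 regardless of transaction ordering.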
Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L158 https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L215