c4-judge
commented
1 year ago 0xean marked the issue as unsatisfactory: Overinflated severity
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago 0xean marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L158 https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L215
Vulnerability details
Description
There is
approvefunction in aDolaBorrowingRights. Let's say that Alice wants to increase the approval for Bob from 10 to 20. Alice calls theapproveorpermitfunction. Then, Bob can front-run the transaction by spending the 10 tokens and getting new approval for 20. As a result, Bob could spend 30 tokens, instead of the expected 20.Recommended Mitigation Steps
Add
increaseAllowance/decreaseAllowancefunctions, which would increase/reduce allowance from the current storage value. It will eliminate any front-run attack.