Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/BridgeEscrow.sol#L29
approve function is subject to a known front-running attack. A malicious attacker can scout for a change in approval and front-run that
approve
Reference: https://blog.smartdec.net/erc20-approve-issue-in-simple-words-a41aaf47bca6
graphToken().approve(_spender, type(uint256).max);
Manual review
Use safeincreaseallowance() and safedecreaseallowance()
dupe of #224 - wardens QA report.
0xean
commented
1 year ago 0xean
commented
1 year ago
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/BridgeEscrow.sol#L29
Vulnerability details
Impact
approvefunction is subject to a known front-running attack. A malicious attacker can scout for a change in approval and front-run thatReference: https://blog.smartdec.net/erc20-approve-issue-in-simple-words-a41aaf47bca6
Proof of Concept
https://github.com/code-423n4/2022-10-thegraph/blob/main/contracts/gateway/BridgeEscrow.sol#L29
Tools Used
Manual review
Recommended Mitigation Steps
Use safeincreaseallowance() and safedecreaseallowance()