Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol#L113
Vulnerability details
Impact
Some tokens (like USDT) revert when the allowance is changed from an existing non-zero value. The allowance must first be set to zero, and only then can the actual allowance be approved.
Proof of Concept
Tokens like USDT would cause reverts and possibly other issues within the protocol.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider not using tokens like USDT, or approve to 0 before changing or setting allowances.
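The approve-to-zero mitigation, sketched as an added example (not code from the audited repository). `UsdtLikeToken` is a constructed stand-in for the token behaviour described above, and `ResetApprove`, `forceApprove` and `Caller` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

interface IAllowance {
    function allowance(address owner, address spender) external view returns (uint256);
}

// Constructed stand-in for a USDT-style token: approve() returns no value and
// reverts when both the current and the requested allowance are non-zero.
contract UsdtLikeToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}

// Hypothetical helper (names are assumptions): reset to 0, then set the value.
library ResetApprove {
    function forceApprove(address token, address spender, uint256 value) internal {
        // Only spend gas on the reset when a non-zero allowance is in place.
        if (IAllowance(token).allowance(address(this), spender) != 0) {
            _approve(token, spender, 0);
        }
        if (value != 0) {
            _approve(token, spender, value);
        }
    }

    // Low-level call so that tokens returning nothing (USDT-style) and tokens
    // returning bool are both handled; a returned `false` counts as failure.
    function _approve(address token, address spender, uint256 value) private {
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSignature("approve(address,uint256)", spender, value));
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}

// Hypothetical caller: a direct second approve() with a non-zero value would
// revert on UsdtLikeToken, while setAllowance() succeeds on repeated calls.
contract Caller {
    function setAllowance(address token, address spender, uint256 value) external {
        ResetApprove.forceApprove(token, spender, value);
    }
}
```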