code-423n4 / 2022-12-tigris-findings


[NAZ-M3] `claimGovFees()` Must Approve 0 First #582

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol#L113

Vulnerability details

Impact

Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved to zero and then the actual allowance must be approved.

Proof of Concept

Tokens like USDT would cause reverts and possibly other issues within the protocol.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider not using tokens like USDT or approve to 0 before changing or setting allowances.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #104

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory
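The approve-to-zero mitigation recommended in the report above, as an added example that is not part of the original issue or the Tigris code base. `UsdtLikeToken` is a constructed mock that reproduces only the non-zero-to-non-zero allowance check, and `Approver` with its function names is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed mock, not the real USDT source: it reproduces only the rule that
// a non-zero allowance cannot be overwritten with another non-zero value.
contract UsdtLikeToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
        return true;
    }
}

// Hypothetical caller standing in for any contract that re-approves a spender.
contract Approver {
    UsdtLikeToken public immutable token;
    address public immutable spender;

    constructor(UsdtLikeToken _token, address _spender) {
        token = _token;
        spender = _spender;
    }

    // Pattern flagged in the report: succeeds the first time, reverts on a
    // later call while any of the previous allowance is still unspent.
    function approveDirect(uint256 amount) external {
        token.approve(spender, amount);
    }

    // Mitigation from the report: clear the allowance, then set the new value.
    function approveZeroFirst(uint256 amount) external {
        token.approve(spender, 0);
        token.approve(spender, amount);
    }

    // Exercises both paths against a leftover allowance of 1.
    function demo() external returns (bool directReverted, bool zeroFirstOk) {
        token.approve(spender, 1);
        try this.approveDirect(2) {} catch { directReverted = true; }
        try this.approveZeroFirst(2) { zeroFirstOk = true; } catch {}
    }
}
```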