Open code423n4 opened 1 year ago
The describe does not describe what is the impact of letting the allowance goes to type(uint256).max
JeffCX marked the issue as low quality report
0xean changed the severity to QA (Quality Assurance)
LybraFinance marked the issue as sponsor acknowledged
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/token/EUSD.sol#L169-L185
Vulnerability details
Impact
Using the
approve
andincreaseAllowance
methods, the owner's allowance for a spender may hittype(uint256).max
accidently, which will then allow thespender
to have infinite allowance.The
spender
can then exploit this infinite allowance without theowner
being aware of it.Proof of Concept
Here is a proof of concept test (Please note that
_spendAllowance
was made public to enable using this method directly):type(uint256).max
for the spenderOutput:
Tools Used
VSCodium, and manual analysis
Recommended Mitigation Steps
Do not rely on
type(uint256).max
for determining if a spender has infinite allowance. Rather create a new map likemapping(address => mapping(address => bool)) private hasInfiniteAllowances;
to keep track of who has granted infinite allowance.Assessed type
Invalid Validation