code-423n4 / 2023-06-xeth-mitigation-findings


M-04 MitigationConfirmed #21

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Mitigation of M-04: Issue mitigated

Mitigated issue

M-04: Unspent allowance may break functionality in AMO

Fix: https://github.com/code-423n4/2023-05-xeth/commit/793dade5217bd5751856f7cf0bccd4936286aeab

The issue was that safeApprove() was used in addLiquidity() and addLiquidityOnlyStETH(), which reverts if there is still some remaining allowance.

Mitigation review

The instances of safeApprove() have simply been replaced by approve(), which does not revert. The (arguably false sense of) security provided by safeApprove() by prohibiting the allowance from being set from non-zero to non-zero is not needed in addLiquidity() and addLiquidityOnlyStETH() since these functions are access-restricted to the admin.
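The behaviour reviewed above, as an added example that is not part of the original report and is not xETH's code. MockToken, MockPool, AmoModel, spend(), addLiquidityBefore() and addLiquidityAfter() are constructed names, the pool pulling only half of its allowance is an assumption made to leave a remainder, and _safeApprove() reproduces the non-zero to non-zero check of OpenZeppelin's SafeERC20.safeApprove.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed minimal token: only the allowance bookkeeping matters here.
contract MockToken {
    mapping(address => mapping(address => uint256)) public allowance;
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
    // Stand-in for transferFrom: consumes allowance, balances omitted.
    function spend(address owner, uint256 amount) external {
        allowance[owner][msg.sender] -= amount;
    }
}

// Constructed pool that pulls less than it was approved for.
contract MockPool {
    function addLiquidity(MockToken token, uint256 approved) external {
        token.spend(msg.sender, approved / 2); // the rest stays as allowance
    }
}

contract AmoModel {
    MockToken public immutable token;
    MockPool public immutable pool;
    address public immutable admin = msg.sender;

    constructor(MockToken t, MockPool p) { token = t; pool = p; }
    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    // Same precondition as OpenZeppelin's SafeERC20.safeApprove.
    function _safeApprove(address spender, uint256 value) internal {
        require(value == 0 || token.allowance(address(this), spender) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance");
        token.approve(spender, value);
    }

    // Before: reverts once an earlier call has left allowance behind.
    function addLiquidityBefore(uint256 amount) external onlyAdmin {
        _safeApprove(address(pool), amount);
        pool.addLiquidity(token, amount);
    }

    // After: approve() overwrites whatever allowance is left.
    function addLiquidityAfter(uint256 amount) external onlyAdmin {
        token.approve(address(pool), amount);
        pool.addLiquidity(token, amount);
    }
}
```

With these mocks, a second addLiquidityBefore(100) reverts because 50 of the first approval is still outstanding, while repeated addLiquidityAfter(100) calls succeed and reset the allowance each time.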

c4-judge commented 1 year ago

kirk-baird marked the issue as satisfactory