code-423n4 / 2023-07-moonwell-findings


Missing approve 0 when calling approve function may revert with certain types of tokens #185

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/MToken.sol#L159

Vulnerability details

Impact

The approve function overrides the ERC20 function and allows a user to approve someone else to spend tokens on their behalf. However, there are some tokens (LEND) that will revert if the allowance isn't set to zero before changing the allowance. Consider setting allowance to zero first as this is safer against front-running attacks and will also allow for tokens that need approve(0) to be set first.

Proof of Concept

```solidity
    // MToken.approve (function header added for context; body as quoted from MToken.sol)
    function approve(address spender, uint256 amount) external override returns (bool) {
        address src = msg.sender;
        transferAllowances[src][spender] = amount;
        emit Approval(src, spender, amount);
        return true;
    }
```

Tools Used

Manual review.

Recommended Mitigation Steps

```solidity
    // Mitigation as proposed by the warden (function header added for context)
    function approve(address spender, uint256 amount) external override returns (bool) {
        address src = msg.sender;
        transferAllowances[src][spender] = 0;
        transferAllowances[src][spender] = amount;
        emit Approval(src, spender, amount);
        return true;
    }
```

Assessed type

Token-Transfer
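The allowance-reset pattern the finding refers to, shown as an added example that is not code from the Moonwell repository or from the finding: a constructed token that reverts when a non-zero allowance is changed directly to another non-zero value, and a caller-side helper that resets the allowance to zero before setting the new amount. The interface, contract, library and function names (`IERC20Approve`, `ZeroFirstToken`, `SafeApproveZeroFirst`, `Spender`) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not code from the Moonwell repository or the finding.
// Minimal approve/allowance surface of an ERC20; interface name is an assumption.
interface IERC20Approve {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Constructed token modelling the behaviour the finding describes:
// approve() reverts when a non-zero allowance is changed to another non-zero value.
contract ZeroFirstToken is IERC20Approve {
    mapping(address => mapping(address => uint256)) private _allowances;

    function approve(address spender, uint256 amount) external override returns (bool) {
        require(
            amount == 0 || _allowances[msg.sender][spender] == 0,
            "ZeroFirstToken: reset allowance to 0 first"
        );
        _allowances[msg.sender][spender] = amount;
        return true;
    }

    function allowance(address owner, address spender) external view override returns (uint256) {
        return _allowances[owner][spender];
    }
}

// Caller-side pattern: a contract that approves a token it does not control
// checks the current allowance and resets it to zero before writing a new value.
// Library functions are internal, so address(this) is the calling contract.
library SafeApproveZeroFirst {
    function safeApprove(IERC20Approve token, address spender, uint256 amount) internal {
        if (token.allowance(address(this), spender) != 0) {
            require(token.approve(spender, 0), "approve(0) failed");
        }
        require(token.approve(spender, amount), "approve failed");
    }
}

// Constructed caller: raising or lowering an existing non-zero allowance on
// ZeroFirstToken through setAllowance succeeds, whereas calling
// token.approve(spender, amount) directly would revert.
contract Spender {
    using SafeApproveZeroFirst for IERC20Approve;

    function setAllowance(IERC20Approve token, address spender, uint256 amount) external {
        token.safeApprove(spender, amount);
    }
}
```

The reset belongs in the contract that calls `approve` on a third-party token. A token's own `approve` implementation, such as the one at the linked line, stores whatever value the caller passes into its own mapping, so writing 0 and then `amount` to the same slot within one call leaves no observable difference. Tokens whose `approve` returns no value at all (USDT is the usual example) additionally need a low-level call rather than the `bool`-returning interface assumed above, which is what OpenZeppelin's `SafeERC20.forceApprove` wraps.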

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as primary issue

ElliotFriedman commented 1 year ago

not a real issue

c4-sponsor commented 1 year ago

ElliotFriedman marked the issue as sponsor disputed

alcueca commented 1 year ago

Valid as QA, should be added to the governance guidelines on which tokens are not compatible with the protocol.

c4-judge commented 1 year ago

alcueca changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

alcueca marked the issue as grade-a