Closed code423n4 closed 1 year ago
The race condition is a feature of approve(), however, it doesn't harm the protocol or the end user as the approve was voluntarily given.
Could be QA.
0xSorryNotSorry marked the issue as low quality report
No front-running approve vulnerabilities in my court!
alcueca marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MToken.sol#L159-L164
Vulnerability details
Impact
The approve() function from MToken.sol contains a front-running vulnerability that allows a user to spend more tokens than he should.
Proof of Concept
Lets take the following scenario:
Tools Used
Manual Review
Recommended Mitigation Steps
One solution is to forbid a call to approve if the previous approved tokens were not spent. This would prevent the race condition: require(allowances[Alice][Eve] == 0, "error");
Another solution is to add 2 function to increase and decrease the allowances. Check the OpenZeppelin ERC20 implementation: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/contracts/token/ERC20/ERC20.sol
Assessed type
ERC20