In MToken.sol, the approve() function allows a token holder (the owner) to authorize another address (the spender) to transfer up to a given amount of the owner's tokens via transferFrom().
approve() is susceptible to front-running because it overwrites the current allowance with the new value instead of adjusting it. When the owner submits a transaction that changes an existing non-zero allowance, the spender can observe that transaction in the mempool and submit their own transferFrom() (for example with a higher gas price so that it is mined first) that consumes the current allowance before the owner's change takes effect. Once the owner's transaction is mined, the spender also gets the newly set allowance.
Proof of Concept
Alice calls approve() to allow Bob to spend 100 tokens on her behalf.
She then changes her mind and wants to decrease Bob's allowance from 100 tokens to 50, so she sends a new approve(bob, 50) transaction.
Bob sees the pending transaction in the mempool and immediately calls transferFrom() for the full 100 tokens, getting his transaction mined before Alice's.
When Alice's transaction is executed, it sets Bob's allowance to 50, so Bob can spend another 50 tokens: 150 in total, although Alice never intended him to have more than 100.
Tools Used
Visual Studio Code
Recommended Mitigation Steps
Consider implementing increaseAllowance() and decreaseAllowance() functions that adjust the allowance relative to its current on-chain value, so that a front-running transferFrom() is accounted for, and recommend that integrators use them instead of approve() when changing a non-zero allowance. This bounds the spender to the amount the owner originally granted and mitigates the race condition.
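The following is an added example illustrating the mitigation above; it is not code from Moonwell's MToken.sol. The contract name, storage layout and function bodies are assumptions chosen to make the race traceable in a minimal token: the vulnerable approve() is kept beside the relative increaseAllowance()/decreaseAllowance() functions, and transferFrom() consumes the allowance before moving funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal allowance-only token used to illustrate the approve() race and the
/// increase/decrease mitigation. Added example; not Moonwell's MToken.
contract AllowanceExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 amount);
    event Transfer(address indexed from, address indexed to, uint256 amount);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
    }

    /// Vulnerable pattern: overwrites the allowance regardless of what the
    /// spender has already consumed. If Alice sends approve(bob, 50) while the
    /// allowance is 100, Bob can front-run with transferFrom(alice, bob, 100)
    /// and afterwards still spend the freshly set 50 (150 in total).
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    /// Mitigation: raise the allowance relative to its current stored value.
    /// A front-running transferFrom() lowers the stored value first, so the
    /// delta is applied on top of what actually remains, never on a stale view.
    function increaseAllowance(address spender, uint256 addedValue) external returns (bool) {
        // Checked arithmetic in 0.8.x reverts on overflow.
        uint256 newAllowance = allowance[msg.sender][spender] + addedValue;
        allowance[msg.sender][spender] = newAllowance;
        emit Approval(msg.sender, spender, newAllowance);
        return true;
    }

    /// In the PoC scenario: Bob front-runs and spends 100, leaving 0. Alice's
    /// decreaseAllowance(bob, 50) then reverts instead of granting a new 50,
    /// so Bob can never spend more than the 100 Alice originally granted.
    function decreaseAllowance(address spender, uint256 subtractedValue) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtractedValue, "decreased allowance below zero");
        uint256 newAllowance = current - subtractedValue;
        allowance[msg.sender][spender] = newAllowance;
        emit Approval(msg.sender, spender, newAllowance);
        return true;
    }

    /// Spend from an allowance. The allowance is reduced before the balances
    /// move, which is what makes the relative updates above safe to reason about.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "insufficient allowance");
        require(balanceOf[from] >= amount, "insufficient balance");
        allowance[from][msg.sender] = allowed - amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        return true;
    }
}
```

Caveat: the relative functions do not stop a spender from using the allowance they already hold between the owner deciding to reduce it and the reduction being mined; they only guarantee the spender can never end up with more than the owner granted in total. An owner who wants to cut a spender off completely should still expect that the existing allowance may be consumed before the reduction lands, and should treat a revert of decreaseAllowance() as a signal that this happened.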
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MToken.sol#L159-L164
Assessed type
Other