c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Overinflated severity
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L282
Vulnerability details
Impact
If this code is executed on a token that does not support approve
type(uint256).maxamount, the function will revert and the transaction will failProof of Concept
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L282
The
safeApprovefunction in the ERC20 standard allows a user to approve an unlimited amount of tokens to be transferred to another address. However, some tokens do not support this feature and will revert if they are called with thetype(uint256).maxamountTools Used
Manual analysis
Recommended Mitigation Steps
I would suggest approve only the necessay amount of token to the
approveTargetinstead of thetype(uint256).maxamount.Assessed type
ERC20