code-423n4 / 2023-09-ondo-findings


Frontrunning approve in rUSDY.sol contract #195

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-ondo/blob/main/contracts/usdy/rUSDY.sol#L276-L279

Vulnerability details

Impact

If the user has already approved something, an attacker can frontrun a transaction, using first what has already been approved and then the new value. For example: user Alice approved 5 tokens for user Bob to use, then decided to lower the approval to 3. As a result, Bob frontruns the transaction and withdraws 5 tokens; however, after this transaction there are still 3 tokens approved, which Bob also withdraws, so Bob withdrew 8 tokens instead of 3.

Proof of Concept

    function approve(address _spender, uint256 _amount) public returns (bool) {
        _approve(msg.sender, _spender, _amount);
        return true;
    }

Tools Used

manual

Recommended Mitigation Steps

Add: Use only increaseAllowance and decreaseAllowance

Assessed type

MEV
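As an added illustration (not part of the warden's report and not code from the Ondo repository), the ordering described in the Impact section can be replayed against a small Python model of ERC-20 allowance accounting. The `AllowanceLedger` class, the names `alice`/`bob`, and the OpenZeppelin-style revert in `decrease_allowance` when the current allowance is too small are assumptions made for this demo; "frontrunning" is modelled simply by applying Bob's `transferFrom` before Alice's pending transaction lands.

```python
"""Hypothetical model of the ERC-20 approve() race; not rUSDY.sol or Ondo code."""
from collections import defaultdict


class AllowanceLedger:
    """Token balances plus ERC-20 style allowances (constructed for the demo)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = defaultdict(int)   # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # Overwrites the previous value; this is what makes the race possible.
        self.allowance[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, added):
        self.allowance[(owner, spender)] += added

    def decrease_allowance(self, owner, spender, subtracted):
        # Assumed OpenZeppelin semantics: revert if the current allowance is
        # smaller than the decrement, so a frontrunner can only drain what was
        # already approved, never a freshly re-set value.
        current = self.allowance[(owner, spender)]
        if current < subtracted:
            raise ValueError("decreased allowance below zero")
        self.allowance[(owner, spender)] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        if self.allowance[(owner, spender)] < amount:
            raise ValueError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def race_with_approve():
    """Alice lowers 5 -> 3 with approve(); Bob frontruns. Returns Bob's total take."""
    ledger = AllowanceLedger({"alice": 100})
    ledger.approve("alice", "bob", 5)
    # Alice's approve(bob, 3) sits in the mempool; Bob spends the old allowance first ...
    ledger.transfer_from("bob", "alice", "bob", 5)
    # ... then Alice's transaction lands and sets a fresh allowance of 3 ...
    ledger.approve("alice", "bob", 3)
    # ... which Bob spends as well: 5 + 3 = 8 instead of the intended 3.
    ledger.transfer_from("bob", "alice", "bob", 3)
    return ledger.balances["bob"]


def race_with_decrease_allowance(frontrun_amount):
    """Same race, but Alice uses decreaseAllowance(2) to go 5 -> 3.

    Bob spends `frontrun_amount` before Alice's transaction lands, then whatever
    allowance is left afterwards. Returns Bob's total take; it never exceeds the
    5 tokens Alice originally approved.
    """
    ledger = AllowanceLedger({"alice": 100})
    ledger.approve("alice", "bob", 5)
    if frontrun_amount:
        ledger.transfer_from("bob", "alice", "bob", frontrun_amount)
    try:
        ledger.decrease_allowance("alice", "bob", 2)
    except ValueError:
        pass  # reverted: Alice sees a failed tx rather than a silently re-raised allowance
    remaining = ledger.allowance[("alice", "bob")]
    if remaining:
        ledger.transfer_from("bob", "alice", "bob", remaining)
    return ledger.balances["bob"]


if __name__ == "__main__":
    print("approve():", race_with_approve())
    for n in range(6):
        print(f"decreaseAllowance() with Bob frontrunning {n}:",
              race_with_decrease_allowance(n))
```

The contrast is the point: with `approve`, Bob's take is the old allowance plus the new one, while with `decrease_allowance` the worst case is bounded by the original approval because the decrement either applies to whatever Bob left or reverts. The same bound holds for the older "approve to zero, then approve the new value" pattern, which this model could also express with two `approve` calls.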

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as remove high or low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #102

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-judge commented 1 year ago

kirk-baird marked the issue as unsatisfactory: Invalid