Closed c4-submissions closed 11 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #70
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/NodeDelegator.sol#L45
Vulnerability details
Impact
It is not recommended to make infinite approvals to external contracts. If the external contract is compromised, all funds would be drained out of the NodeDelegator.
Proof of Concept
Tools Used
Manual review.
Recommended Mitigation Steps
Only approves what is going to be deposited.
Assessed type
ERC20