Closed c4-bot-4 closed 11 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #301
0xA5DF marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/adapters/OceanAdapter.sol#L108
Vulnerability details
Impact
The adapter may approve an unlimited amount of tokens to be spent by the Ocean protocol and the Curve pool, which could be risky if those contracts are compromised.
Proof of Concept
The adapter may approve an unlimited amount of tokens to be spent by the Ocean protocol and the Curve pool, which could be risky if those contracts are compromised.
Tools Used
Recommended Mitigation Steps
Consider setting a reasonable allowance limit or re-approving before each interaction based on the exact amount needed.
Assessed type
ERC20
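The contrast between the approval pattern the report describes and the one it recommends, as an added example that is not part of the original report or the project's code. `ExactAllowanceAdapter`, `IHypotheticalPool` and its `deposit` function are hypothetical stand-ins for an adapter and the contract it approves, and the token is assumed to return `bool` from `approve` as the ERC-20 standard specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface used below (standard signatures).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical stand-in for the contract that pulls tokens from the adapter.
interface IHypotheticalPool {
    function deposit(address token, uint256 amount) external;
}

contract ExactAllowanceAdapter {
    address public immutable owner;
    address public immutable pool;

    constructor(address pool_) {
        owner = msg.sender;
        pool = pool_;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Pattern the report describes: a one-time unlimited approval.
    // The spender keeps the right to pull the adapter's full balance indefinitely.
    function approveUnlimited(address token) external onlyOwner {
        require(IERC20(token).approve(pool, type(uint256).max), "approve failed");
    }

    // Pattern the report recommends: approve exactly what this call needs.
    function depositExact(address token, uint256 amount) external onlyOwner {
        IERC20 t = IERC20(token);
        require(t.approve(pool, amount), "approve failed");

        IHypotheticalPool(pool).deposit(token, amount);

        // If the pool pulled less than approved, revoke the remainder so no
        // standing allowance outlives the interaction.
        if (t.allowance(address(this), pool) != 0) {
            require(t.approve(pool, 0), "revoke failed");
        }
    }
}
```

The exact-amount path costs an extra `approve` per interaction, which is the gas trade-off against leaving a standing unlimited allowance.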