code-423n4 / 2024-03-ondo-finance-findings

msg.sender gets approval of token when it is being transferred from _sender to _recipient #325

Closed c4-bot-8 closed 3 months ago

c4-bot-8 commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/rOUSG.sol#L285

Vulnerability details

Impact

msg.sender, despite not being _recipient, gets approval of the remaining token of _sender after the transfer to the recipient.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Manual review

Recommended Mitigation Steps

Work on code logic and architecture.

Assessed type

Access Control

c4-pre-sort commented 3 months ago

0xRobocop marked the issue as insufficient quality report

3docSec commented 3 months ago

Extremely poor quality report

c4-judge commented 3 months ago

3docSec marked the issue as unsatisfactory: Insufficient quality