Closed c4-bot-8 closed 3 months ago
0xRobocop marked the issue as insufficient quality report
Extremely poor quality report
3docSec marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/rOUSG.sol#L285
Vulnerability details
Impact
msg.sender, despite not being _recipient, gets approval of the remaining tokens of _sender after the transfer to the recipient
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Manual review
Recommended Mitigation Steps
Work on code logic and architecture
Assessed type
Access Control