Open c4-bot-5 opened 3 months ago
0xEVom marked the issue as duplicate of #229
0xEVom marked the issue as insufficient quality report
jhsagd76 changed the severity to QA (Quality Assurance)
jhsagd76 marked the issue as grade-a
jhsagd76 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L423
Vulnerability details
Impact
Permits have built-in replay protection and can be submitted by anyone; they can be frontrun.
OpenZeppelin suggestion:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/932fddf69a699a9a80fd2396fd1a2ab91cdda123/contracts/token/ERC20/extensions/IERC20Permit.sol#L16-L32
Tools Used
vscode
Recommended Mitigation Steps
Assessed type
ERC20
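An added example, not part of the original report and not code from V3Vault.sol: a permit-then-transfer entry point written the fragile way, beside a version that tolerates a permit someone else has already submitted, using the try/catch approach described in OpenZeppelin's IERC20Permit notes. The interface, contract and function names are hypothetical, and the token is assumed to be a standard ERC-2612 token whose transferFrom returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 + ERC-2612 surface used below (assumed standard behaviour).
interface IERC20WithPermit {
    function permit(address owner, address spender, uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external;
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Hypothetical contract for illustration only.
contract PermitDepositExample {
    IERC20WithPermit public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC20WithPermit token_) {
        token = token_;
    }

    // Fragile: the signature is visible in the mempool and permit() accepts it
    // from any caller. Once it has been submitted, the owner's nonce is used up,
    // this permit() call reverts, and the user's whole deposit reverts with it.
    function depositWithPermitFragile(uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external {
        token.permit(msg.sender, address(this), value, deadline, v, r, s);
        _deposit(msg.sender, value);
    }

    // Tolerant: a reverting permit() is swallowed. If the permit was already
    // executed by a third party, the allowance it granted is in place and
    // transferFrom succeeds. If permit() failed for any other reason (bad
    // signature, expired deadline), no allowance exists and transferFrom
    // reverts, so nothing moves without the owner's approval.
    function depositWithPermit(uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external {
        try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
        _deposit(msg.sender, value);
    }

    function _deposit(address from, uint256 value) private {
        require(token.transferFrom(from, address(this), value), "transfer failed");
        deposited[from] += value;
    }
}
```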