When USDT is used as the quoteToken, UniswapSettlement.sol can fail during approve() because USDT only allows a new non-zero allowance to be set when the current allowance is zero.
Bug Description
The contest README states that USDT is supported. An important property of USDT is that approve() can only set a non-zero allowance when the existing allowance is zero; a non-zero to non-zero change reverts. See here for more details.
When conducting a swap in SettlementCallbackLib, it uses UniswapSettlement to swap tokens to/from Uniswap V3. When buying baseToken, the code approves the Uniswap V3 router for amountInMaximum quoteTokens and then calls _swapRouter.exactOutput() to receive exactly amountOut baseTokens.
The issue is that the swap may not consume all of amountInMaximum, leaving a non-zero residual allowance on the router. With USDT, that residual allowance makes every subsequent approve() revert, bricking the swap path.
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/main/src/settlements/UniswapSettlement.sol#L47
https://github.com/code-423n4/2024-05-predy/blob/main/src/base/SettlementCallbackLib.sol#L160-L167
Vulnerability details
Proof of Concept
N/A
Tools Used
Manual review
Recommended Mitigation Steps
Use forceApprove() from SafeERC20 (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L76).
Assessed type
Token-Transfer
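As an added illustration (not code from the Predy repository, OpenZeppelin or Uniswap), the approve-then-exactOutput pattern from the bug description is shown beside the forceApprove() variant from the recommended mitigation. The contract name, function names and the private helper are assumptions; the router interface is Uniswap's v3-periphery ISwapRouter and forceApprove() is OpenZeppelin SafeERC20's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ISwapRouter} from "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";

// Hypothetical contract written for this example; not the audited UniswapSettlement.
contract ExactOutputApprovalExample {
    using SafeERC20 for IERC20;
    ISwapRouter private immutable _swapRouter;

    constructor(ISwapRouter router) { _swapRouter = router; }

    function _exactOutput(bytes memory path, uint256 amountOut, uint256 amountInMaximum)
        private returns (uint256 amountIn)
    {
        // Positional ExactOutputParams: (path, recipient, deadline, amountOut, amountInMaximum).
        amountIn = _swapRouter.exactOutput(
            ISwapRouter.ExactOutputParams(path, msg.sender, block.timestamp, amountOut, amountInMaximum)
        );
    }

    // Vulnerable pattern: if the swap spends less than amountInMaximum, a non-zero allowance
    // stays on the router. USDT's approve() reverts on a non-zero -> non-zero change, so the
    // next call reverts. (USDT also returns no bool, which a plain IERC20 call cannot decode.)
    function swapVulnerable(address quoteToken, bytes memory path, uint256 amountOut, uint256 amountInMaximum)
        external returns (uint256 amountIn)
    {
        IERC20(quoteToken).approve(address(_swapRouter), amountInMaximum);
        amountIn = _exactOutput(path, amountOut, amountInMaximum);
    }

    // Hardened pattern: forceApprove() retries via a reset to zero when the token rejects the
    // direct change and tolerates a missing return value, so a leftover allowance cannot block
    // the approval. Clearing any residual after the swap also removes the standing approval.
    function swapFixed(address quoteToken, bytes memory path, uint256 amountOut, uint256 amountInMaximum)
        external returns (uint256 amountIn)
    {
        IERC20(quoteToken).forceApprove(address(_swapRouter), amountInMaximum);
        amountIn = _exactOutput(path, amountOut, amountInMaximum);
        if (amountIn < amountInMaximum) {
            IERC20(quoteToken).forceApprove(address(_swapRouter), 0);
        }
    }
}
```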