Open c4-bot-5 opened 2 months ago
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/main/contracts/p1/BackingManager.sol#L73
Vulnerability details
Some tokens revert when approved for type(uint256).max, e.g. UNI and COMP. When interacting with such tokens, the amounts used for approve and transfer must not exceed the uint96 limit.
```solidity
function grantRTokenAllowance(IERC20 erc20) external notFrozen {
    require(assetRegistry.isRegistered(erc20), "erc20 unregistered");

    // == Interaction ==
    IERC20(address(erc20)).safeApprove(address(rToken), 0);
    IERC20(address(erc20)).safeApprove(address(rToken), type(uint256).max);
}
```
Impact
If such tokens (UNI, COMP) are registered as basket collateral in the Reserve protocol, the transaction reverts when grantRTokenAllowance is called.
Tools Used
Manual Review
Recommended Mitigation Steps
The approval amount can be passed as a function argument, so it can be set appropriately for each token.
```solidity
function grantRTokenAllowance(IERC20 erc20, uint256 amount) external notFrozen {
    require(assetRegistry.isRegistered(erc20), "erc20 unregistered");

    // == Interaction ==
    IERC20(address(erc20)).safeApprove(address(rToken), 0);
    IERC20(address(erc20)).safeApprove(address(rToken), amount);
}
```
Assessed type
DoS
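The failure mode and the proposed fix side by side, as an added example that is not part of the finding or of the Reserve code base. MockUint96Token is a constructed token whose approve() rejects any amount above type(uint96).max, AllowanceGranter is a hypothetical stand-in for BackingManager (registry check, notFrozen modifier and SafeERC20 wrapper omitted, so approve() is called directly), and Demo.run() reports that the type(uint256).max path fails while the parameterised path with type(uint96).max succeeds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Constructed mock, not the UNI or COMP source: approve() reverts for any
// amount that does not fit in 96 bits, the failure mode the finding describes.
contract MockUint96Token {
    mapping(address => mapping(address => uint96)) public allowance;

    function approve(address spender, uint256 rawAmount) external returns (bool) {
        require(rawAmount <= type(uint96).max, "amount exceeds 96 bits");
        allowance[msg.sender][spender] = uint96(rawAmount);
        return true;
    }
}

// Hypothetical stand-in for BackingManager: registry check, notFrozen and
// SafeERC20 are left out, so approve() is called directly.
contract AllowanceGranter {
    address public immutable rToken;

    constructor(address rToken_) { rToken = rToken_; }

    // Pattern from the audited code: always approve type(uint256).max.
    function grantMax(MockUint96Token erc20) external {
        erc20.approve(rToken, 0);
        erc20.approve(rToken, type(uint256).max); // reverts on the mock
    }

    // Mitigation from the finding: the caller supplies the amount.
    function grantAmount(MockUint96Token erc20, uint256 amount) external {
        erc20.approve(rToken, 0);
        erc20.approve(rToken, amount);
    }
}

// Runs both paths via low-level call so a revert is reported, not propagated.
contract Demo {
    function run() external returns (bool maxOk, bool cappedOk) {
        MockUint96Token token = new MockUint96Token();
        AllowanceGranter mgr = new AllowanceGranter(address(0xBEEF));
        (maxOk, ) = address(mgr).call(abi.encodeCall(mgr.grantMax, (token)));
        (cappedOk, ) = address(mgr).call(
            abi.encodeCall(mgr.grantAmount, (token, type(uint96).max))
        );
    }
}
```

Whoever calls grantAmount now has to know each token's limit; defaulting the argument to type(uint256).max would reintroduce the revert.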