hats-finance / HATs-Arbitration-Contracts-0x79a618f675857b45934ca1c413fd5f409cf89735

approve() does not remove old entries before adding new ones #68

Open hats-bug-reporter[bot] opened 8 months ago

hats-bug-reporter[bot] commented 8 months ago

GitHub username: @saidqayoumsadat

Submission hash (on-chain): 0x01084ca89022df2e567180e61d19471e12a796e4ee32eeda9c6cd4ed1cdac698

Severity: low

Description:

Each time approve() is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can increase their voting power indefinitely, without having to acquire new tokens.

file: /contracts/mocks/ERC20Mock.sol

```solidity
function approve(address spender, uint256 amount) public virtual override returns (bool) {
    if (approveDisableFlag || (approveZeroDisableFlag && amount == 0)) {
        return false;
    }
    _approve(msg.sender, spender, amount);
    return true;
}
```

https://github.com/hats-finance/hats-contracts/blob/0d6ebbde912bc272d9b310140d434ee2aacd36d3/contracts/mocks/ERC20Mock.sol#L72-L78
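A triage check for this report, as an added example that is not part of the submission or the project's code: a Python model of the quoted `approve()` that snapshots state before and after repeated calls, so the reviewer can see which storage actually changes. Assumptions: `_approve`, whose body is not shown on this page, behaves like OpenZeppelin's ERC20 (a single assignment into an allowance mapping), token balance stands in for voting weight, and the class, helper names and sample values are constructed for illustration.

```python
from collections import defaultdict

class ERC20MockModel:
    """Model of the quoted approve(). ASSUMPTION: _approve follows OpenZeppelin
    ERC20, i.e. _allowances[owner][spender] = amount (one assignment)."""

    def __init__(self, balances):
        self.balances = dict(balances)        # constructed sample balances
        self.allowances = defaultdict(dict)   # owner -> {spender: amount}
        self.approve_disable_flag = False
        self.approve_zero_disable_flag = False

    def approve(self, sender, spender, amount):
        # Mirrors the guard in the quoted function.
        if self.approve_disable_flag or (self.approve_zero_disable_flag and amount == 0):
            return False
        self.allowances[sender][spender] = amount  # assumed _approve body
        return True

def snapshot(token, owner):
    """State a triager compares before and after the repeated calls."""
    return {
        "balance": token.balances[owner],
        "allowance_entries": len(token.allowances[owner]),
        "allowances": dict(token.allowances[owner]),
    }

def repeated_approve_check(calls=100):
    """Call approve() many times for one spender and report what changed."""
    token = ERC20MockModel({"alice": 1_000})   # constructed sample holder
    before = snapshot(token, "alice")
    results = [token.approve("alice", "spender", 10 + i) for i in range(calls)]
    after = snapshot(token, "alice")
    return before, after, all(results)

def zero_approval_guard():
    """approveZeroDisableFlag branch: a zero approval is refused, state kept."""
    token = ERC20MockModel({"alice": 1_000})
    token.approve("alice", "spender", 50)
    token.approve_zero_disable_flag = True
    refused = token.approve("alice", "spender", 0)
    return refused, token.allowances["alice"]["spender"]

if __name__ == "__main__":
    print(repeated_approve_check())
    print(zero_approval_guard())
```

The same before/after comparison can be run against the deployed mock in the project's test suite to confirm whether the assumption about `_approve` holds there.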