hats-finance / SeeR-PM-0x899bc13919880db76edf4ccd72bdfa5dfa666fb7


wrapped1155 is not approved to be unwrapped by wrapped1155Factory contract #90

Open hats-bug-reporter[bot] opened 2 weeks ago

hats-bug-reporter[bot] commented 2 weeks ago

Github username: @cpp-phoenix
Twitter username: 0xrochimaru
Submission hash (on-chain): 0xd3b947b574497463ce79ccf434f28752c63998c4f24975cf0272b369ecd7c9d1
Severity: high

Description:

In methods _splitPosition(), mergePositions() & _redeemPositions() wrapped1155Factory.unwrap() is used to unwrap a wrapped1155 token. But it doesn't approve the wrapped1155Factory contract with the amount to be unwrapped.

Attack Scenario

Because of the insufficient approval, the transaction will fail, as the Router.sol token should approve wrapped1155Factory contract to use x amount of wrapped1155 tokens.

Recommendations

        wrapped1155.transferFrom(msg.sender, address(this), amount);
    @>  wrapped1155.approve(wrapped1155Factory, amount);
        wrapped1155Factory.unwrap(address(conditionalTokens), tokenId, amount, address(this), data);

xyzseer commented 2 weeks ago

that approval is not needed, you can test the deployed smart contracts on the frontend and check that split/merge/redeem work as expected

clesaege commented 2 weeks ago

The router holds the token during this call. So no approval is needed.
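
The point made in the last comment, as an added Solidity sketch that is not the project's or the factory's own code: it assumes the router holds the wrapped tokens when it calls unwrap and that the factory burns them from its caller's balance rather than pulling them with transferFrom. ModelWrapped1155, ModelFactory and ModelRouter are hypothetical stand-ins, and the ERC-1155 side is reduced to a counter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical model, not Seer's or the factory's real code.
// Assumption: only the factory can mint/burn the wrapped ERC-20, and unwrap()
// burns from msg.sender's own balance instead of pulling with transferFrom.
contract ModelWrapped1155 {
    address public immutable factory;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor() { factory = msg.sender; }
    modifier onlyFactory() { require(msg.sender == factory, "not factory"); _; }
    function mint(address to, uint256 amount) external onlyFactory { balanceOf[to] += amount; }
    // Debits the holder directly; no allowance is read on this path.
    function burn(address from, uint256 amount) external onlyFactory { balanceOf[from] -= amount; }
    function approve(address s, uint256 a) external returns (bool) { allowance[msg.sender][s] = a; return true; }
    // The only path that consumes an allowance (0.8 checked math reverts without one).
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract ModelFactory {
    ModelWrapped1155 public wrapped = new ModelWrapped1155();
    mapping(address => uint256) public released; // stand-in for the ERC-1155 sent back out
    // Open mint, for the model only.
    function wrap(address to, uint256 amount) external { wrapped.mint(to, amount); }
    function unwrap(uint256 amount, address recipient) external {
        wrapped.burn(msg.sender, amount); // caller must hold the tokens; nothing to approve
        released[recipient] += amount;
    }
}

contract ModelRouter {
    ModelFactory public immutable factory;
    constructor(ModelFactory f) { factory = f; }
    function merge(uint256 amount) external {
        factory.wrapped().transferFrom(msg.sender, address(this), amount); // user -> router: needs the user's approval
        factory.unwrap(amount, address(this)); // router -> factory: succeeds with zero allowance
    }
}
```

In this model the only approval that matters is the user's approval of the router; the router's allowance to the factory stays at zero and merge still completes.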