Description
The SafeApprove lib is used to grant approval to, and revoke approval from, other contracts such as TwTap and YieldBox. However, revoking approval does not work as intended, which could lead to potential issues.
Let's have a look at the usage of the SafeApprove lib:
Now let's have a look at its implementation:
The safeApprove function first checks whether value > 0 and only then calls the approve function on the token contract; otherwise it does nothing.
So in every function call where the protocol passes 0 to safeApprove, it will not reset/revoke the spender's approval.
Mitigation
Implement forceApprove, which makes sure that the approve function is called regardless of whether the value is 0.
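The skipped revoke and the mitigation side by side, as an added example that is not the audited project's code. The names `ApproveDemo`, `safeApproveSkippingZero`, `approveIncludingZero`, `MockToken` and `RevokeDemo` are hypothetical, and the token is assumed to return `bool` from `approve`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical, not the project's code.
interface IERC20Min {
    function approve(address spender, uint256 value) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Constructed minimal token: only the allowance bookkeeping needed for the demo.
contract MockToken is IERC20Min {
    mapping(address => mapping(address => uint256)) public override allowance;

    function approve(address spender, uint256 value) external override returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
}

library ApproveDemo {
    // Mirrors the behaviour described in the report: a zero value skips the call.
    function safeApproveSkippingZero(IERC20Min token, address spender, uint256 value) internal {
        if (value > 0) {
            require(token.approve(spender, value), "approve failed");
        }
    }

    // Mitigation shape: always issue the approve call, including for zero.
    function approveIncludingZero(IERC20Min token, address spender, uint256 value) internal {
        require(token.approve(spender, value), "approve failed");
    }
}

contract RevokeDemo {
    using ApproveDemo for IERC20Min;

    // Returns the spender's allowance after each style of revoke attempt.
    function run(address spender) external returns (uint256 staleAllowance, uint256 revokedAllowance) {
        IERC20Min token = new MockToken();
        token.safeApproveSkippingZero(spender, 100); // grant
        token.safeApproveSkippingZero(spender, 0);   // intended revoke: approve is never called
        staleAllowance = token.allowance(address(this), spender);
        token.approveIncludingZero(spender, 0);      // revoke reaches the token contract
        revokedAllowance = token.allowance(address(this), spender);
    }
}
```

Comparing the two return values of `run` in a unit test is a quick regression check that a revoke path actually clears the allowance.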
Github username: @@amankakar
Twitter username: --
Submission hash (on-chain): 0xad36662a5f0a2e1b7bdaefb4a2cb5313dfa0360e7f03e02e62f29b8f2bc3d18c
Severity: medium