Closed sherlock-admin closed 1 year ago
cccz
medium
VaultAdmin#processAuction: Must approve 0 first
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
processAuction() may get stuck
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/vault/VaultAdmin.sol#L300-L314
Manual Review
+ ERC20.approve( + address(Pool), + 0 + ); ERC20.approve( address(Pool), totalCollateralUsed + _totalReserves() );
Duplicate of #136
cccz
medium
VaultAdmin#processAuction: Must approve 0 first
Summary
VaultAdmin#processAuction: Must approve 0 first
Vulnerability Detail
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
Impact
processAuction() may get stuck
Code Snippet
https://github.com/sherlock-audit/2022-09-knox/blob/main/knox-contracts/contracts/vault/VaultAdmin.sol#L300-L314
Tool used
Manual Review
Recommendation
Duplicate of #136