Closed github-actions[bot] closed 1 year ago
Udsen

false

CHECK THE ALLOWANCE AMOUNT BY THE `msg.sender` TO `_spender` FOR THE GIVEN ERC20 TOKEN IS ZERO BEFORE CALLING THE `approve` FUNCTION

Summary

It is recommended to check allowance from the `msg.sender` to the `spender` for the given ERC20 token is zero before calling the `token.approve()` function.

Vulnerability Detail

Some ERC20 tokens such as `usdt` revert if the allowance > 0 when the approve function is called on the contract.

Impact

The transaction will revert if the allowance > 0, when approve function is called for ERC20 tokens such as `usdt`.

Code Snippet

```solidity
IERC20Upgradeable(token).approve(bank.cToken, amountCall);
```

https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L882

Tool used

VS Code and Manual Review

Recommendation

It is recommended to check whether allowance > 0 for `msg.sender` to `_spender` before calling the approve function on the ERC20 token.
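One way to apply the recommendation, as an added example that is not part of the issue or of the Blueberry code base: read the current allowance and clear it to zero before setting a new non-zero value. `IERC20Minimal`, `ApproveHelper`, `resetAndApprove` and `_callApprove` are hypothetical names, and the sketch assumes the calling contract is the allowance owner, so `address(this)` is what the token sees as `msg.sender`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Minimal interface: only the two ERC20 calls this example needs.
interface IERC20Minimal {
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical helper library, written for this example.
library ApproveHelper {
    // Sets the allowance that the calling contract grants `spender` on `token`
    // to `amount`. Tokens that reject a change from one non-zero allowance to
    // another get the allowance cleared to zero first.
    function resetAndApprove(address token, address spender, uint256 amount) internal {
        // Internal library code runs in the caller's context, so address(this)
        // is the contract that owns the allowance.
        uint256 current = IERC20Minimal(token).allowance(address(this), spender);
        if (current != 0 && amount != 0) {
            _callApprove(token, spender, 0);
        }
        _callApprove(token, spender, amount);
    }

    // Low-level call, so a token whose approve() returns no data does not
    // fail ABI decoding of the expected bool return value.
    function _callApprove(address token, address spender, uint256 amount) private {
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.approve.selector, spender, amount)
        );
        // Accept either no return data or an ABI-encoded `true`.
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}

// At the call site quoted in the issue, the direct approve() would become:
//   ApproveHelper.resetAndApprove(token, bank.cToken, amountCall);
```

The zero reset is skipped when the allowance is already zero or when the new amount is zero, so tokens without the restriction cost at most one extra `allowance` read.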