Closed sherlock-admin closed 1 year ago
J4de
medium
type(uint256).max
Some token do not support approve type(uint256).max
File: MarginTrading.sol 392 function _approveToken(address _address, address _tokenAddress, uint256 _tokenAmount) internal { 393 if (IERC20(_tokenAddress).allowance(address(this), _address) < _tokenAmount) { 394 IERC20(_tokenAddress).approve(_address, type(uint256).max); 395 } 396 }
MarginTrading.sol contract defaults to approve type(uint256).max, but some tokens (such as UNI) do not support approve type(uint256).max
MarginTrading.sol
Cause protocol not applicable to some tokens
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L267
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L309
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L394
Manual Review
do not approve type(uint256).max
J4de
medium
Some token do not support approve
type(uint256).maxSummary
Some token do not support approve
type(uint256).maxVulnerability Detail
MarginTrading.solcontract defaults to approvetype(uint256).max, but some tokens (such as UNI) do not support approvetype(uint256).maxImpact
Cause protocol not applicable to some tokens
Code Snippet
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L267
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L309
https://github.com/sherlock-audit/2023-05-dodo/blob/main/dodo-margin-trading-contracts/contracts/marginTrading/MarginTrading.sol#L394
Tool used
Manual Review
Recommendation
do not approve
type(uint256).max