sherlock-audit / 2023-10-aloe-judging

9 stars 6 forks source link

kaysoft - safeApprove(...) function can revert #89

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

kaysoft

medium

safeApprove(...) function can revert

Summary

ERC20.safeApprove(...) function can revert for allowances that non zero.

Vulnerability Detail

The UniswapNFTManager.sol#callback(...) uses the ERC20 safeApprove function which can revert for non zero allowances.

Impact

Calls to UniswapNFTManager.sol#callback(...) will revert when allowance is non zero

Code Snippet

https://github.com/sherlock-audit/2023-10-aloe/blob/main/aloe-ii/periphery/src/managers/UniswapNFTManager.sol#L56-L57

Tool used

Manual Review

Recommendation

Consider using 'safeIncreaseAllowance' and 'safeDecreaseAllowance' instead of safeApprove() function

sherlock-admin2 commented 1 year ago

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, because UniswapNFTManager.sol is out of scope

tsvetanovv commented:

Low

MohammedRizwan commented:

invalid as UniswapNFTManager.sol is not in scope and such issues are not considered valid at sherlock.