Closed sherlock-admin2 closed 9 months ago
Low/Informational severity, the intention of a specific spend amount is to immediately allow spender to spend all tokens, so you can see this as an user input error. Since spender can already transfer full specific amount in the first place, there is no need for the spender to front run.
thank_you
medium
Token approval can be frontrun
Summary
The GSP trading token approve() function can be frontrun such that a spender can double dip and spend an allowance more than once.
Vulnerability Detail
When a user sets a spender's allowance when their allowance is already non-zero, the spender can frontrun the user and double dip the allowance. This can occur through the following simple scenario:
In this attack, Alice has received 150 tokens, 100 more than Bob desired.
Impact
Third-party protocols and users who give approval to other users may experience front-running when approving tokens to other third-party entities and losing more than expected.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPVault.sol?plain=1#L265-L282
Tool used
Manual Review
Recommendation
The protocol should implement a require check such that the approver can pass in a value to check what the current allowance value is: