search

sherlock-audit / 2024-02-jala-swap-judging

6 stars 4 forks source link

MatricksDeCoder - Unchecked return value of approve #201

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 6 months ago

MatricksDeCoder

medium

Unchecked return value of approve

Summary

Unchecked return value of approve in ChilizWrapperFactory.sol transfer tokens function

Vulnerability Detail

https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/utils/ChilizWrapperFactory.sol#L72

_transferTokens does not check the return value of token approving.

Impact

This may result in silent failing of approval of amount especially in like if amount is the maximum uint256or other cases where function may just fail but result is not being checked therefore no amount will be approved leading to faulty working of transfers and protocol

Code Snippet

function _transferTokens(IERC20 token, address approveToken, uint256 amount) internal {
        SafeERC20.safeTransferFrom(token, msg.sender, address(this), amount);
        if (token.allowance(address(this), approveToken) < amount) {
            token.approve(approveToken, amount);
        }
    }

Tool used

Manual Review

Recommendation

Check the return value e.g 

require(token.approve(approveToken, amount),"error");

Duplicate of #117