Closed sherlock-admin closed 7 months ago
Invalid based on sherlock rules
- Non-Standard tokens: Issues related to tokens with non-standard behaviors, such as weird-tokens are not considered valid by default unless these tokens are explicitly mentioned in the README.
This tokens was not explicit mentioned in the following question in contest detsils:
Do you expect to use any of the following tokens with non-standard behaviour with the smart contracts?
- We plan to support tokens with no less than 6 decimals and no more than 18 decimals.
- Tokens may not return a bool on ERC20 methods (e.g. USDT)
- Tokens may have approval race protections (e.g. USDT)
Bauer
medium
Revert on Large Approvals & Transfers
Summary
Some tokens (e.g. UNI, COMP) revert if the value passed to approve or transfer is larger than uint96.
Vulnerability Detail
In the
RioLRTOperatorDelegator.stakeERC20()
function, if the contract's allowance for the strategy manager is less than the stake amount, the contract forcefully sets the allowance for the strategy manager to the maximum value of uint256 using theforceApprove()
function to ensure the stake operation can proceed.However, Some tokens (e.g., UNI, COMP) revert if the value passed to approve or transfer is larger than uint96.
Impact
Revert on large approvals
Code Snippet
https://github.com/sherlock-audit/2024-02-rio-network-core-protocol/blob/main/rio-sherlock-audit/contracts/restaking/RioLRTOperatorDelegator.sol#L176
Tool used
Manual Review
Recommendation
Recommend handling tokens of this type.