sherlock-audit / 2024-04-teller-finance-judging

10 stars 9 forks source link

blockchain555 - Did Not Approve To Zero First #255

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago



Did Not Approve To Zero First


Allowance was not set to zero first before changing the allowance.

Vulnerability Detail

Some ERC20 tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. For example Tether (USDT)'s approve() function will revert if the current approval is not zero, to protect against front-running changes of approvals.

The following attempt to call the approve() function without setting the allowance to zero first.

    function acceptFundsForAcceptBid(
        address _borrower,
        uint256 _bidId,
        uint256 _principalAmount,
        uint256 _collateralAmount,
        address _collateralTokenAddress,
        uint256 _collateralTokenId, 
        uint32 _loanDuration,
        uint16 _interestRate
    ) external onlySmartCommitmentForwarder whenNotPaused {


373:    principalToken.approve(address(TELLER_V2), _principalAmount);

        //do not have to spoof/forward as this contract is the lender !



A number of features within the vaults will not work if the approve function reverts.

Code Snippet

Tool used

Manual Review


It is recommended to set the allowance to zero before increasing the allowance and use safeApprove/safeIncreaseAllowance.

nevillehuang commented 3 months ago

After further review, since acceptFundsForAcceptBid can only be invoked by the forwarder, If a lender calls acceptCommitmentWithRecipient via the forwarder, it will definitely consume all approvals as seen here. So this issue will never occur