sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging


mgf15 - `_removeAllowances` will revert on zero Value approvals #47

Closed sherlock-admin2 closed 3 months ago

sherlock-admin2 commented 3 months ago

mgf15

medium

_removeAllowances will revert on zero Value approvals

Summary

_removeAllowances will revert on zero Value approvals

Vulnerability Detail

The function `_removeAllowances` will revert on zero-value approvals. Some tokens (e.g. BNB) revert when approving a zero value amount (i.e. a call to `approve(address, 0)`).

Impact

DoS

Code Snippet

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L835C5-L840C6

    function _removeAllowances() private {
        IERC20Metadata(output).forceApprove(unirouter, 0);
        IERC20Metadata(output).forceApprove(rewardPool, 0);
        IERC20Metadata(lpToken0).forceApprove(nftManager, 0);
        IERC20Metadata(lpToken1).forceApprove(nftManager, 0);
    }

Tool used

Manual Review

Recommendation

Support BNB or revert if the output token is BNB.
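
Added example (not part of the report or the project's code): a Python model of the `forceApprove(spender, 0)` calls in the snippet above, assuming `forceApprove` follows the OpenZeppelin SafeERC20 fallback. The token classes and helper names are constructed for illustration; the model shows that the fallback copes with reset-to-zero tokens but still reverts on a token that rejects zero-value approvals.

```python
# Added model, not the project's code. Assumption: forceApprove follows the
# OpenZeppelin SafeERC20 fallback (try approve(v); on failure approve(0), approve(v)).
class Revert(Exception):
    """Models an EVM revert."""

class Token:
    """Constructed sample token with standard approve() semantics."""
    def __init__(self):
        self.allowance = {}
    def approve(self, spender, value):
        self.allowance[spender] = value
        return True

class ZeroFirstToken(Token):
    """USDT-style: a non-zero allowance must be reset to 0 before it changes."""
    def approve(self, spender, value):
        if value != 0 and self.allowance.get(spender, 0) != 0:
            raise Revert("reset allowance to 0 first")
        return super().approve(spender, value)

class NoZeroApproveToken(Token):
    """The behaviour the report describes: approve(spender, 0) reverts."""
    def approve(self, spender, value):
        if value == 0:
            raise Revert("zero-value approval")
        return super().approve(spender, value)

def must_approve(token, spender, value):
    if token.approve(spender, value) is False:
        raise Revert("approve returned false")

def force_approve(token, spender, value):
    try:
        must_approve(token, spender, value)
    except Revert:
        must_approve(token, spender, 0)   # a revert here reaches the caller
        must_approve(token, spender, value)

def remove_allowances(pairs):
    """Mirrors _removeAllowances: the first failing token aborts the call."""
    for token, spender in pairs:
        force_approve(token, spender, 0)

def reverts(fn, *args):
    try:
        fn(*args)
    except Revert:
        return True
    return False
```

Unlike the EVM, this model does not roll back allowances changed before the failing call, so only the revert itself is meaningful for the mixed-token case.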

sherlock-admin3 commented 3 months ago

2 comment(s) were left on this issue during the judging contest.

DHTNS commented:

Invalid -> see readme for list of ERC20s

_karanel commented:

low/info