sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging


mgf15 - token like UNI, COMP will not work with this protocol #50

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 5 months ago

mgf15

medium

Tokens like UNI, COMP will not work with this protocol

Summary

Tokens like UNI, COMP will not work with this protocol.

Vulnerability Detail

Some tokens (e.g. UNI, COMP) revert if the value passed to approve or transfer is larger than uint96. In the _giveAllowances function, the contract sets the approval to type(uint256).max; this will revert for UNI or COMP tokens.

Impact

The contract will not work.

Code Snippet

        IERC20Metadata(output).forceApprove(unirouter, type(uint256).max);
        IERC20Metadata(output).forceApprove(rewardPool, type(uint256).max);
        IERC20Metadata(lpToken0).forceApprove(nftManager, type(uint256).max);
        IERC20Metadata(lpToken1).forceApprove(nftManager, type(uint256).max);

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L828C1-L831C78

Tool used

Manual Review

Recommendation

Add support for UNI, COMP tokens.
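A simplified model of the 96-bit allowance behaviour the report describes, as an added example that is not part of the original issue or the audited code base. The contract names, the maxIsUnlimited switch and the probe harness are assumptions for illustration; whether a given token treats type(uint256).max as a special "unlimited" value has to be confirmed against its deployed source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical token that stores allowances in 96 bits.
// Not the UNI or COMP source; names and the mode switch are illustrative.
contract Allowance96Token {
    mapping(address => mapping(address => uint96)) internal allowances;
    // true:  type(uint256).max means "unlimited" and is stored as type(uint96).max
    // false: every value that does not fit in 96 bits reverts
    bool public immutable maxIsUnlimited;

    event Approval(address indexed owner, address indexed spender, uint256 amount);

    constructor(bool _maxIsUnlimited) {
        maxIsUnlimited = _maxIsUnlimited;
    }

    function allowance(address owner, address spender) external view returns (uint256) {
        return allowances[owner][spender];
    }

    function approve(address spender, uint256 rawAmount) external returns (bool) {
        uint96 amount;
        if (maxIsUnlimited && rawAmount == type(uint256).max) {
            amount = type(uint96).max;
        } else {
            require(rawAmount <= type(uint96).max, "amount exceeds 96 bits");
            amount = uint96(rawAmount);
        }
        allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }
}

// Hypothetical harness: checks how a max approval like the one in the
// snippet above behaves against either token mode.
contract ApprovalProbe {
    // Returns true if approving type(uint256).max succeeds on `token`.
    function maxApprovalWorks(Allowance96Token token, address spender) external returns (bool) {
        try token.approve(spender, type(uint256).max) returns (bool ok) {
            return ok;
        } catch {
            return false;
        }
    }
}
```

Deploying the token with maxIsUnlimited set to true makes maxApprovalWorks return true, while false makes it return false; in both modes any other value above type(uint96).max reverts.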

sherlock-admin2 commented 4 months ago

2 comment(s) were left on this issue during the judging contest.

DHTNS commented:

Invalid -> see readme for list of ERC20s

_karanel commented:

low/info