search

sherlock-audit / 2024-05-sophon-judging

1 stars 1 forks source link

ArsenLupin - Use safeApprove in the bridgePool instead #229

Closed sherlock-admin3 closed 1 month ago

sherlock-admin3 commented 1 month ago

ArsenLupin

medium

Use safeApprove in the bridgePool instead

Summary

Vulnerability Detail

Dev declare that USDT could be used in the future, that's why the safeApprove should be used in the bridgePool function to eliminate the revert/problems with the popular USDT behaviour.

Impact

revert

Code Snippet

function bridgePool(uint256 _pid) external {
        if (!isFarmingEnded() || !isWithdrawPeriodEnded() || isBridged[_pid]) {
            revert Unauthorized();
        }

        updatePool(_pid);
        PoolInfo storage pool = poolInfo[_pid];

        uint256 depositAmount = pool.depositAmount;
        if (depositAmount == 0 || address(bridge) == address(0) || pool.l2Farm == address(0)) {
            revert BridgeInvalid();
        }

        IERC20 lpToken = pool.lpToken;
        //@audit safeApprove should be used instead.
        lpToken.approve(address(bridge), depositAmount);

Tool used

Manual Review

Recommendation

safeApprove

sherlock-admin4 commented 1 month ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

invalid because bridge logic not implemented and not covered by this audit