sherlock-audit / 2024-08-cork-protocol-judging


0xaliyah - ERC20 approve is front-runnable. #210

Closed sherlock-admin2 closed 2 months ago

sherlock-admin2 commented 2 months ago

0xaliyah

Medium

ERC20 approve is front-runnable.

Summary

  1. The current implementation of ERC20 approve introduces a front-running vulnerability.

Vulnerability Detail

  1. Usually, if the uint256 amount that is being approved is a tad larger than the available / existing approval, then a front-running transaction is said to cause a double-spend edge case.
  2. The vulnerability is the same as this one found in Sherlock's Surge audit: finding

Impact

  1. The total approval spent will occasionally disregard expectations, or will tend to be inconsistent with the expected approval spending in total.

Code Snippet

poc-usage-approve poc-erc20::approve

Tool used

Manual Review

Recommendation
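An added illustration of the race the finding describes, written for this page and not taken from the submission or from the Cork Protocol code base: a constructed in-memory allowance model with a plain `approve` (unconditional overwrite) beside an OpenZeppelin-style relative `increaseAllowance`, run through the same transaction ordering so the difference in total spend is visible. Names (`alice`, `bob`), balances and amounts are assumed sample values.

```python
# Constructed model (not Cork Protocol code) of the ERC20 allowance race.

class Token:
    """Minimal token: balances plus an (owner, spender) -> allowance map."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        # Plain ERC20 approve: unconditionally overwrites the allowance.
        self.allowance[(owner, spender)] = amount

    def increase_allowance(self, owner, spender, delta):
        # OpenZeppelin-style relative update: adds to whatever is left.
        key = (owner, spender)
        self.allowance[key] = self.allowance.get(key, 0) + delta

    def transfer_from(self, spender, owner, to, amount):
        # Returns False where the on-chain call would revert.
        key = (owner, spender)
        if self.allowance.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            return False
        self.allowance[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def spent_with_approve(old=100, new=120):
    """Alice raises Bob's allowance from old to new via approve(new).
    Bob's transferFrom(old) is mined first, so he spends old + new in total."""
    t = Token({"alice": 1000})
    t.approve("alice", "bob", old)
    t.transfer_from("bob", "alice", "bob", old)   # lands before the new approve
    t.approve("alice", "bob", new)                # overwrite: the old spend is forgotten
    t.transfer_from("bob", "alice", "bob", new)
    return 1000 - t.balances["alice"]             # 220, not the intended 120


def spent_with_increase_allowance(old=100, new=120):
    """Same ordering, but Alice uses increaseAllowance(new - old): the delta
    applies to the remaining allowance, so Bob's total is capped at new."""
    t = Token({"alice": 1000})
    t.approve("alice", "bob", old)
    t.transfer_from("bob", "alice", "bob", old)       # same early spend of old
    t.increase_allowance("alice", "bob", new - old)   # allowance becomes 0 + 20
    t.transfer_from("bob", "alice", "bob", new)       # reverts: only 20 left
    t.transfer_from("bob", "alice", "bob", new - old)
    return 1000 - t.balances["alice"]                 # 120, as intended
```

The same bound holds for lowering an allowance with `decreaseAllowance`, which reverts instead of granting a fresh amount when the remainder is already spent.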

sherlock-admin3 commented 2 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low severity. The link you gave to a previous audit is from a year and a half ago. Since then some severity has changed.