WatchPug
```solidity
function approve(
    address _token,
    address _spender,
    uint256 _value
) public onlyRole(DEFAULT_ADMIN_ROLE) {
    ApproveLike(_token).approve(_spender, _value);
    emit Approve(_token, _spender, _value);
}
```
L1Escrow.sol#approve() allows an address with DEFAULT_ADMIN_ROLE to approve an arbitrary amount of tokens to any address.
We believe this is unnecessary and poses a serious centralization risk.
A malicious or compromised DEFAULT_ADMIN_ROLE address can take advantage of this, and steal all the funds from the L1Escrow contract.
Consider removing the approve() function and approving l1LPT to l1Gateway in the constructor.
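A sketch of the recommended change, added here as an illustration and not taken from the report or from the project's code: the escrow grants a single allowance to the gateway at deployment and exposes no admin-callable approve(). The contract name `L1EscrowSketch`, the constructor parameters, the ERC-20 style `bool` return on `ApproveLike.approve`, the event layout and the unlimited allowance are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token interface (assumed ERC-20 style; the page only shows the call site).
interface ApproveLike {
    function approve(address spender, uint256 value) external returns (bool);
}

// Hypothetical escrow without an admin approve(): the only spender is fixed
// at deployment, so a compromised admin key cannot grant new allowances.
contract L1EscrowSketch {
    address public immutable l1LPT;     // escrowed token
    address public immutable l1Gateway; // the single approved spender

    // Event layout is an assumption modelled on the emit in the quoted code.
    event Approve(address token, address spender, uint256 value);

    constructor(address _l1LPT, address _l1Gateway) {
        require(_l1LPT != address(0), "ZERO_TOKEN");
        require(_l1Gateway != address(0), "ZERO_GATEWAY");

        l1LPT = _l1LPT;
        l1Gateway = _l1Gateway;

        // One allowance, set once: only l1Gateway may pull l1LPT from the escrow.
        // The unlimited amount is an assumption; a bounded value works the same way.
        require(
            ApproveLike(_l1LPT).approve(_l1Gateway, type(uint256).max),
            "APPROVE_FAILED"
        );
        emit Approve(_l1LPT, _l1Gateway, type(uint256).max);
    }

    // Intentionally no approve(), and no role that can change the spender.
}
```

The trade-off in this sketch is that the spender cannot be changed after deployment, so the gateway address must be final when the escrow is deployed.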