Lines of code

Vulnerability details

Impact

Solmate’s ERC20 does not provide option to increase/decrease allowance, and only option to do so is by setting it via approve - which sets this amount directly. This poses a problem of double spending, when a user want to check current allowance, and bad actor frontruns the transaction to get tokens for previous and current allowance.

Proof of Concept

1. Alice sets Bob’s allowance to 1000 of her tokens, but sends 1100 by mistake
2. Alice realizes her mistake, and sends another transaction with correct amount (1000 tokens)
3. Malicious Bob watches the mempool for new transactions, frontruns the second allowance and transfers to himself 1100 tokens Alice sent at first, and then gets remaining 1000. So, he made it with 2100 tokens, and not 1000 as planned.

Tools Used

VS Code

Recommended Mitigation Steps

Use increaseAllowance and decreaseAllowance functions for your own ERC20’s.

The text was updated successfully, but these errors were encountered:

All reactions