Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/09/14 12:0 a.m.11 views

approve function can be frontrun and funds will be stolen as a result

Lines of code Vulnerability details Impact The user that gives allowances will lose funds. Proof of Concept In the file ERC20.sol there is a function approve. This function is problematic as it is susceptible to frontrunning attacks. PoC: Consider the following scenario: Alice calls the function...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.14 views

Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update

Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.16 views

Race condition in approve function can lead to more funds than intended being transferred

Lines of code Vulnerability details Impact The approve function from MToken.sol contains a front-running vulnerability that allows a user to spend more tokens than he should. Proof of Concept Lets take the following scenario: 1. Alice calls approveEve, 10. This permits Eve to spend 10 tokens from...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.10 views

In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.14 views

Approve front-running attack in DBR.sol

Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/16 12:0 a.m.6 views

approve return value is ignored

Handle pants Vulnerability details Some tokens don't correctly implement the EIP20 standard and their approve function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Tokens that don't correctly implement the latest...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/06 12:0 a.m.11 views

Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens

Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive and claimIncentive which is the way the contract "expects" incentives to go. Access to claiming incentives is limited to the stream...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/03 12:0 a.m.21 views

LockeERC20.sol: Frontrun attack on approve()

Handle itsmeSTYJ Vulnerability details Impact It is possible to frontrun the standard ERC20 token approve function. Proof of Concept Read this for more info. Recommended Mitigation Steps Either require that allowance is 0 before approve can be called or use increase / decrease allowance e.g...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.12 views

uToken's approve() Function is Susceptible to Frontrunning Attacks

Handle leastwood Vulnerability details Impact Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...

7AI score
Exploits0
Rows per page
Query Builder