9 matches found
approve function can be frontrun and funds will be stolen as a result
Lines of code Vulnerability details Impact The user that gives allowances will lose funds. Proof of Concept In the file ERC20.sol there is a function approve. This function is problematic as it is susceptible to frontrunning attacks. PoC: Consider the following scenario: Alice calls the function...
Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update
Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...
Race condition in approve function can lead to more funds than intended being transferred
Lines of code Vulnerability details Impact The approve function from MToken.sol contains a front-running vulnerability that allows a user to spend more tokens than he should. Proof of Concept Lets take the following scenario: 1. Alice calls approveEve, 10. This permits Eve to spend 10 tokens from...
In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT
Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...
Approve front-running attack in DBR.sol
Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...
approve return value is ignored
Handle pants Vulnerability details Some tokens don't correctly implement the EIP20 standard and their approve function returns void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. Tokens that don't correctly implement the latest...
Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens
Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive and claimIncentive which is the way the contract "expects" incentives to go. Access to claiming incentives is limited to the stream...
LockeERC20.sol: Frontrun attack on approve()
Handle itsmeSTYJ Vulnerability details Impact It is possible to frontrun the standard ERC20 token approve function. Proof of Concept Read this for more info. Recommended Mitigation Steps Either require that allowance is 0 before approve can be called or use increase / decrease allowance e.g...
uToken's approve() Function is Susceptible to Frontrunning Attacks
Handle leastwood Vulnerability details Impact Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...