2 matches found
AssetLogic's _swapAssetOut can fail on the one step approval
Lines of code Vulnerability details swapAssetOut performs one step approval for an arbitrary assetIn before calling pool's swapExactOut. As ERC20 that do not allow approval race condition prohibit setting approval to a new positive value when allowance is positive already, this call will fail if...
YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying
Lines of code Vulnerability details Some tokens do not allow for approval of positive amount when allowance is positive already to handle approval race condition, most known example is USDT. This can cause the function to stuck whenever a combination of such a token and leftover approval be met...