Lucene search
K

30 matches found

Code423n4
Code423n4
added 2023/10/11 12:0 a.m.9 views

Some ERC20Votes tokens will not work if you set approve() to any value without setting to zero first

Lines of code Vulnerability details Impact Not setting allowance to Zero before changing the allowance can hinder the deployment of the ERC20ProxyDelegator contract for some ERC20 tokens Proof of Concept Some ERC20 tokens like USDT with Voting enabled will not work when changing the allowance fro...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

USDT tokens should approve to zero first otherwise it may cause other tokens to get stuck in the case of aprooveMultipleTokens

Lines of code Vulnerability details Impact Unsafe ERC20 approve that do not handle non-standard erc20 behavior. Some token contracts do not return any value. Some token contracts revert the transaction when the allowance is not zero. Proof of Concept When receiving tokens to the destination chain...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

USDT approval racing can lead to DoS

Lines of code Vulnerability details Impact USDT approval racing can lead to DoS Proof of Concept 2023-07-tapioca/tapioca-periph-audit/contracts/Magnetar/modules/MagnetarMarketModule.solL157 Tools Used Recommended Mitigation Steps Use safeApprove Assessed type call/delegatecall --- The text was...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.11 views

Unspent allowance may break functionality in AMO

Lines of code Vulnerability details Unspent allowance may break functionality in AMO An unspent allowance may cause a denial of service during the calls to safeApprove in the AMO contract. Impact The AMO contract uses the safeApprove function to grant the Curve pool permission to spend funds whil...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.8 views

Using safeTransferFrom() Functions But without Getting the Approval

Lines of code Vulnerability details Impact 2 safeTransferFrom calls are Used for ERC20 Token Line: 90, 172 using SafeTransferLib But without getting the Approval using safeApprove function. The Calls will always fail. 3 more safeTransferFrom calls are Used for ERC721 Tokens Line: 239, 259, 370...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/12 12:0 a.m.9 views

Users cannot initialize() a proxy with a currencyId with a different maturity

Lines of code Vulnerability details The wfCashBase.initialize sets the allowance for NotionalV2 to the assetToken and underlyingToken to the maximum using SafeApprove. However, according to , SafeApprove function requires that the current approval is 0 before setting the new one. Therefore, if a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.6 views

Call to safeApprove without checking previous allowance in burnFees could result in locked funds

Lines of code Vulnerability details Impact Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue 2219 OpenZeppelin/openzeppelin-contracts2219. Proof Of Concept Refer to the burnFee...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.12 views

RewardHandler.burnFees() will work only once and revert after that if burnedAmount is different.

Lines of code Vulnerability details Impact RewardHandler.burnFees will work only once and revert after that if burnedAmount is different. Proof of Concept OpenZeppelin’s safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value. Tools Used...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.11 views

Lack of safeApprove(0) may prevent deposits and swapping of token

Lines of code Vulnerability details Impact OpenZeppelin’s safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value. Users may be prevented from swapping tokens to Backd LPTokens a second time Proof of Concept There are multiple places...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.14 views

Bad use of safeApprove

Lines of code Vulnerability details Impact Function deposit in booster could revert when stake option is true if the contract has an allowance of the token for rewarcontract 0. The same in many contracts but in VE3DRewardPool.sol a user can get his rewards blocked. Proof of Concept If the contrac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.9 views

in VeAssetDepositor and Booster contract don't set safeApprove() to 0 first and that token uses OpenZeppelin’s ERC20 implementation

Lines of code Vulnerability details Impact OpenZeppelin’s implementation of safeApprove won't work if approved amount is not set to 0. so the logics will fail if code don't set it 0 first. Both VeToken and VE3Token use OpenZeppelin’s ERC20 implementation and VeAssetDepositor and Booster calls...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.11 views

Not calling _safeApprove(0) before setting a new approval causes the call to revert when used with Tether (USDT)

Lines of code Vulnerability details Impact Some tokens like the very popular USDT do not work when changing the allowance from an existing non-zero allowance value it will revert if the current approval is not zero to protect against front-running changes of approvals. These tokens must first be...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/07 12:0 a.m.11 views

Deprecated safeApprove() function

Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/07 12:0 a.m.14 views

The Contract Should approve(0) first

Originally submitted by warden defsec in 198, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.15 views

Non-standard ERC20 Tokens are Not Supported

Lines of code Vulnerability details When trying to call SuperVault.executeOperation the transaction reverts. This is because the call to asset.approve in line97 doesn't match the expected function signature of approve on the target contract like in the case of USDT. This issue exists in any call ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.10 views

Lack of safeApprove(0) prevents some registrations, and the changing of stakers and LP tokens

Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.14 views

Customers cannot be topUp()ed a second time

Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.14 views

approve and safeApprove Should Approve the Zero Amount First

Lines of code Vulnerability details Impact The PooledCreditLine.sol and LenderPool.sol contracts approve the strategy contract on the collateral or borrow assets before depositing funds. This allows the strategy contracts to transfer on behalf of these contracts, pulling assets out from the pool...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.14 views

[WP-M3] TurboRouter.sol#createSafeAndDeposit*() CreateSafeAndDeposit combo methods won't work as an allowance cannot be granted to a newly created Safe for deposit

Lines of code Vulnerability details The TurboRouter.soldeposit function can be used in a multicall together with approve and pullToken from PeripheryPayments to pull tokens from msg.sender and grant allowance for the ERC4626 Safe to call asset.safeTransferFrom with the msg.sender being the router...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.10 views

Incorrect safeApprove usage

Handle Jujic Vulnerability details Impact safeApprove won't work when current allowance 0, there may be cases when strategies will not use all allowance, so switch to new strategy will be blocked. Proof of Concept Tools Used Recommended Mitigation Steps I recommend approving to zero and then...

6.9AI score
Exploits0
Rows per page
Query Builder