14 matches found
Unsafe use of approve() with IERC20
Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
Lines of code Vulnerability details Summary While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact Rewards earned in the...
Vault funds can be stolen by a malicious Yield Vault.
Lines of code Vulnerability details Impact When a vault is initialized, it sets Max Token Approval for the Yield Vault which allows the Yield Vault to ALWAYS have access to the funds in the vault. Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an...
Lack of token approval reverts the overall trade
Lines of code Vulnerability details Impact Since the user has not approved the params.collateralAmount, calling the safeTransferFrom function will result in a revert due to the lack of token approval. The Exchange contract not receive any collateralAmount. Proof of Concept...
SpigotedLineLib::trade wonβt work with tokens with approval race protection (USDT)
Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M 0 when an existing amount N 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...
When minting legendary NFT, non-legendary NFTs are burned, but burned token approval is not revoked, burned NFT TokenURI still accessible after burning.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When minting legendary NFT, non-legendary NFTs are burned, only the owner of the burned nft is set to 0, emit Transfermsg.sender, getGobblerDataid.owner = address0, id; but burned token approval is not...
Proposal commitment takes all fractional balance in Migration contract
Lines of code Vulnerability details Impact The Migration contract holds all fractional token balance of all proposals. Let's suppose a single vault has multiple proposals going on, and one gets committed. If the target price is satisfied, then a buyout starts // Checks if the current price is...
Upgraded Q -> M from 124 [1654443300023]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-007 : USE SAFEERC20.SAFEAPPROVE Impact This is probably an oversight since SafeERC20 was imported and safeTransfer was used for ERC20 token transfers. Nevertheless, note that approve will fail for certain tok...
Upgraded Q -> M from 124 [1654442937681]
Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-006 : The Contract Should Approve0 first Impact Some tokens like USDT L199 do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the...
Missing approve(0)
Lines of code Vulnerability details Impact Some tokens, like USDT see requirement line 199, require first reducing the address allowance to 0 by calling approvespender, 0 and then approve the actual allowance. When using one of these unsupported tokens, all transactions revert and the protocol...
[WP-M2] DEFAULT_ADMIN_ROLE can approve arbitrary address to spend any amount from the L1Escrow contract
Handle WatchPug Vulnerability details function approve address token, address spender, uint256 value public onlyRoleDEFAULTADMINROLE ApproveLiketoken.approvespender, value; emit Approvetoken, spender, value; L1Escrow.solapprove allows an address with DEFAULTADMINROLE can approve an arbitrary amou...
Contract BasicSale is missing an approve(address(vestLock), 2**256-1) call
Handle Reigada Vulnerability details Impact As we can see in the contracts AirdropDistribution and InvestorDistribution, they both have the following approve call: mainToken.approveaddressvestLock, 2256-1; This is necessary because both contracts transfer tokens to the vesting contract by calling...
[Gov.sol] Ignoring the return value of function _token.approve(...)
Handle eriksal1217 Vulnerability details Impact Medium Risk vulnerability - This does not immediately affect the contract, tokens, or funds associated but could have negative effects in regards to how the contract behaves when executing this functionality. Proof of Concept According to Slither...
usage of safeApprove
Handle pauliax Vulnerability details Impact depositInVault in contract YearnV2YieldSource calls safeApprove when the allowance is less than the token balance: if token.allowanceaddressthis, addressv token.balanceOfaddressthis token.safeApproveaddressv, typeuint256.max; This does not mean that the...