Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Did Not Approve To Zero First Causing Certain Token Transfer To Fail #36

Closed
code423n4 opened this issue Feb 18, 2023 · 1 comment
Closed

Did Not Approve To Zero First Causing Certain Token Transfer To Fail #36

code423n4 opened this issue Feb 18, 2023 · 1 comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value invalid This doesn't seem right withdrawn by warden Special case: warden has withdrawn this submission and it can be ignored

Comments

@code423n4
Copy link
Contributor

code423n4 commented Feb 18, 2023
edited
Loading

Lines of code

https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L171
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L180
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L183

Vulnerability details

Impact

Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. For example Tether (USDT)'s approve() function will revert if the current approval is not zero, to protect against front-running changes of approvals.

Proof of Concept

Allowance was not set to zero first before changing the allowance.

Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. For example Tether (USDT)'s approve() function will revert if the current approval is not zero, to protect against front-running changes of approvals.

in ActivePool.sendCollateral, in lines 180 and 183, before calling safeIncreaseAllowance, must be approved by zero first, and then the safeIncreaseAllowance function can be called. Otherwise, the ActivePool.sendCollateral function will revert every time it handles such kinds of tokens.

The same problem can be seen in the line below:
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L279
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/BorrowerOperations.sol#L506

Tools Used

Manually

Sample report approved by the C4 judges team:
code-423n4/2022-06-connext-findings#154

Recommended Mitigation Steps

It is recommended to set the allowance to zero before increasing the allowance
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Feb 18, 2023
code423n4 added a commit that referenced this issue Feb 18, 2023
@code423n4
SaeedAlipoor01988 issue #36
e6dcd7a
@code423n4 code423n4 added invalid This doesn't seem right withdrawn by warden Special case: warden has withdrawn this submission and it can be ignored and removed bug Something isn't working edited-by-warden labels Mar 1, 2023
@code423n4
Copy link
Contributor Author

Withdrawn by SaeedAlipoor01988

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value invalid This doesn't seem right withdrawn by warden Special case: warden has withdrawn this submission and it can be ignored
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@code423n4