Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use_safe_approve is not correctly implemented and would lead to approveTarget() breaking if used while the bool is set to true #987

Closed
code423n4 opened this issue Sep 3, 2023 · 8 comments
Closed

use_safe_approve is not correctly implemented and would lead to approveTarget() breaking if used while the bool is set to true #987

code423n4 opened this issue Sep 3, 2023 · 8 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-1662 low quality report This report is of especially low quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV3LiquidityAmo.sol#L139-L152

Vulnerability details

Impact

Break in contract's logic since approvals can't be set for tokens that require use_safe_approve to be true

Proof of Concept

It's pretty common that safeApprove() breaks logic in contracts, in the sense where there is any leftover allowance.

Sponsors know about this which is why these commented lines from the approveTarget() function state the below:

      // safeApprove needed for USDT and others for the first approval
      // You need to approve 0 every time beforehand for USDT: it resets

Problem is that the code does not follow the above, cause instead of calling safeApprove(_token, _target, 0 ) first then safeApprove(_token, _target, _amount) only the latter is called, which leads this to always revert

Click to see full referenced code 
  function approveTarget(
    address _target,
    address _token,
    uint256 _amount,
    bool use_safe_approve
  ) public onlyRole(DEFAULT_ADMIN_ROLE) {
    if (use_safe_approve) {

      // safeApprove needed for USDT and others for the first approval
      // You need to approve 0 every time beforehand for USDT: it resets
      // @audit-issue
      TransferHelper.safeApprove(_token, _target, _amount);
    } else {
      IERC20WithBurn(_token).approve(_target, _amount);
    }
  }

Tool used

Manual Audit

Recommended Mitigation Steps

Set the allowance to 0 first before new value for use_safe_approve type of tokens

Assessed type

Error
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Sep 3, 2023
code423n4 added a commit that referenced this issue Sep 3, 2023
@code423n4
Bauchibred issue #987
1e69273
@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #928

@c4-pre-sort c4-pre-sort reopened this Sep 11, 2023
@c4-pre-sort
Copy link

bytes032 marked the issue as not a duplicate

@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #1455

@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #1782

@c4-pre-sort c4-pre-sort reopened this Sep 11, 2023
@c4-pre-sort
Copy link

bytes032 marked the issue as not a duplicate

@c4-pre-sort
Copy link

bytes032 marked the issue as duplicate of #1662

@c4-pre-sort c4-pre-sort added duplicate-1662 low quality report This report is of especially low quality labels Sep 11, 2023
@c4-pre-sort
Copy link

bytes032 marked the issue as low quality report

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Oct 6, 2023
@c4-judge
Copy link
Contributor

c4-judge commented Oct 6, 2023

GalloDaSballo marked the issue as unsatisfactory:
Out of scope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-1662 low quality report This report is of especially low quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@code423n4 @c4-judge @c4-pre-sort