0x0 - Staking Token Deprecated Function #10

sherlock-admin · 2022-11-04T08:17:58Z

0x0

medium

Staking Token Deprecated Function

Summary

The staking token is used for underwriting loans and earns rewards from the comptroller. The approval mechanism for the staking ERC20 uses a deprecated method which could result in a race condition for users wishing to stake.

Vulnerability Detail

safeApprove() is deprecated OpenZeppelin/openzeppelin-contracts#2268 and its usage is discouraged.

Its implementation is vulnerable to a race condition. More information here: https://swcregistry.io/docs/SWC-114

Impact

Users could be exposed to front running attacks.

Code Snippet

        erc20Token.safeApprove(assetManager, 0);
        erc20Token.safeApprove(assetManager, amount);

Tool used

Manual Review

Recommendation

Prevent a call to approve if all the previous tokens are not yet spent.

The text was updated successfully, but these errors were encountered:

GeraldHost · 2023-01-13T08:40:22Z

unioncredit/union-v2-contracts#55

sherlock-admin added the Medium label Nov 4, 2022

sherlock-admin closed this as completed Nov 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

0x0 - Staking Token Deprecated Function #10

0x0 - Staking Token Deprecated Function #10

sherlock-admin commented Nov 4, 2022

GeraldHost commented Jan 13, 2023

0x0 - Staking Token Deprecated Function #10

0x0 - Staking Token Deprecated Function #10

Comments

sherlock-admin commented Nov 4, 2022

Staking Token Deprecated Function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

GeraldHost commented Jan 13, 2023