Skip to content
This repository has been archived by the owner on Dec 17, 2023. It is now read-only.

Arz - USDT needs safeApprove(0) before setting a new approval #359

Closed
sherlock-admin opened this issue Jun 11, 2023 · 0 comments
Closed

Arz - USDT needs safeApprove(0) before setting a new approval #359

sherlock-admin opened this issue Jun 11, 2023 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jun 11, 2023
edited by github-actions bot
Loading

Arz

medium

USDT needs safeApprove(0) before setting a new approval

Summary

Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value.They must first be approved by zero and then the actual allowance must be approved

Vulnerability Detail

In FlashLoan.sol, we are approving type(uint256).max when repaying the tokens that we borrowed. However, there are some tokens like USDT that dont allow to approve allowance from non-zero value to non-zero value. So if you try to approve a non-zero value when it already had allowance, the tx will fail. In the _loan() function, it will approve the max value every time this function is called, so the second time it will fail.

Impact

The tx will fail if you have already set the allowance to the contract before. The function approves the max value every time this function is called, so the second time it will fail

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/flashLoan/FlashLoan.sol#L108

function _loan(IERC3156FlashBorrower receiver, address token, uint256 amount, bytes memory data, address msgSender)
        internal
    {
        IronBankInterface(ironBank).borrow(address(this), address(receiver), token, amount);

        require(receiver.onFlashLoan(msgSender, token, amount, 0, data) == CALLBACK_SUCCESS, "callback failed"); // no fee

        IERC20(token).safeTransferFrom(address(receiver), address(this), amount);

        uint256 allowance = IERC20(token).allowance(address(this), ironBank);
        if (allowance < amount) {
            IERC20(token).safeApprove(ironBank, type(uint256).max);
        }

        IronBankInterface(ironBank).repay(address(this), address(this), token, amount);
}

Tool used

Manual Review

Recommendation

Consider setting the allowance to 0 before the max value so that the tx doesnt fail

if (allowance < amount) {
     IERC20(token).safeApprove(ironBank, 0);
     IERC20(token).safeApprove(ironBank, type(uint256).max);
 }

Duplicate of #420
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 19, 2023
@ibsunhub ibsunhub mentioned this issue Jun 21, 2023
Closed
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin