Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plain approve will impact DepositBatch for USDT token when multi-chain deployment active #3

Open
hats-bug-reporter bot opened this issue Jun 20, 2024 · 3 comments
Open

plain approve will impact DepositBatch for USDT token when multi-chain deployment active #3

hats-bug-reporter bot opened this issue Jun 20, 2024 · 3 comments
Labels
low

Comments

@hats-bug-reporter
Copy link

Github username: --
Twitter username: --
Submission hash (on-chain): 0x3b176f1644b312569f5ab491f6c1d4101a3dad77de404565732eeac32fdb36ca
Severity: medium

Description:
Description:

In DepositBatch, multiTokenSwapAndTransfer function, there is a plain Approve ERC20 function which need to be concerned.

When the _token being approved is USDT in Mainnet, it's a well-known issue it will be reverted. The token have limitations when it comes to modifying the allowance from a non-zero value. For instance, the approve() function of Tether (USDT) will throw an error if the current approval is not set to zero.

Based on velvet capital docs, with current depoloyment (BSC and Arbitrum) this USDT is not being an issue, but the Intent OS is aim for multi-chain deployment.

File: DepositBatch.sol
28:   function multiTokenSwapAndTransfer(
29:     FunctionParameters.BatchHandler memory data
30:   ) external payable nonReentrant{
...
50:     // Perform swaps and calculate deposit amounts for each token
51:     for (uint256 i; i < tokenLength; i++) {
52:       address _token = tokens[i];
53:       uint256 balance;
54:       if (_token == _depositToken) {
55:         //Sending encoded balance instead of swap calldata
56:         balance = abi.decode(data._callData[i], (uint256));
57:       } else {
58:         (bool success, ) = SWAP_TARGET.delegatecall(data._callData[i]);
59:         if (!success) revert ErrorLibrary.CallFailed();
60:         balance = _getTokenBalance(_token, address(this));
61:       }
62:       if (balance == 0) revert ErrorLibrary.InvalidBalanceDiff();
63: @>    IERC20(_token).approve(data._target, balance);
64:       depositAmounts[i] = balance;
65:     }

Impact:

Approval of USDT token will fail, deposit will not success for any USDT token on mainnet

Mitigation:

Recommend setting allowance to zero first before setting it to a non zero value, or use a safe increase allowance
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Jun 20, 2024
@aj07
Copy link

aj07 commented Jun 21, 2024

For the approval of USDT,, which chain you think this will create an issue ?

We will deploy this version for EVM chain only mostly Eth, Base, BNB and arb followed by other EVM chain..

This was referenced Jun 21, 2024
Open
Open
@chainNue
Copy link

For the approval of USDT,, which chain you think this will create an issue ?

We will deploy this version for EVM chain only mostly Eth, Base, BNB and arb followed by other EVM chain..

For sure, the USDT on Ethereum mainnet will be affected. Base, BSC, Arb are not affected. Other EVM, need to check USDT contract's code.

@langnavina97 langnavina97 mentioned this issue Jul 5, 2024
Merged
@langnavina97
Copy link

Thank you for submitting the issue. We've resolved it and pushed the changes, which can be found here: Velvet-Capital@25ef3e7

@chainNue

@langnavina97 langnavina97 added low and removed bug Something isn't working labels Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aj07 @langnavina97 @chainNue