This repository has been archived by the owner on Sep 3, 2023. It is now read-only.
github-actions bot opened this issue on Mar 10, 2023 · 0 comments
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Race condition in the approve function of Pool.sol
Summary
The approve function in Pool.sol is vulnerable to a race condition that might allow an approved spender to spend more tokens than intended.
Vulnerability Detail
A token holder can change the allowance of a spender by calling the approve function. The spender can front-run the call to approve to spend the previous allowance. When the new allowance is set, the spender can transfer more tokens, although the owner might have intended for the spender to only be able to spend the new allowance.
For example: The owner sets an allowance of 100 tokens for a spender. The owner then decides to decrease the allowance to 50 tokens. The spender sees this and front-runs the call to approve to transfer 100 tokens, reducing the spender's allowance to 0. The call to approve then sets the spender's allowance to 50 tokens and the spender can transfer an additional 50 tokens. The spender transferred 150 tokens instead of the intended 50 tokens.
dipp
high
Impact
Spender can transfer more tokens than expected.
Code Snippet
Pool.sol#L299-L303
Tool used
Manual Review
Recommendation
Consider changing the logic of the approve function to increase or decrease the allowance instead of setting it directly.
Duplicate of #154
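To make the two transaction orderings concrete, the following added example (not from this report or from Pool.sol) models ERC20 allowance bookkeeping in Python and replays the owner's reduction from 100 to 50, with and without the spender's front-running transferFrom, first using a set-style approve and then the recommended relative decrease. The `Allowances` class and `replay` function are constructed for this illustration.

```python
class Allowances:
    """Minimal model of ERC20 allowance bookkeeping (constructed for this example)."""

    def __init__(self):
        self.allowance = {}  # (owner, spender) -> remaining allowance
        self.spent = {}      # spender -> total tokens moved via transfer_from

    def approve_set(self, owner, spender, amount):
        # The pattern the report flags: the new value overwrites whatever is
        # left, even if the old allowance was consumed before this tx was mined.
        self.allowance[(owner, spender)] = amount

    def decrease_allowance(self, owner, spender, delta):
        # Recommended pattern: adjust relative to the current value, so an
        # allowance already spent cannot be topped back up by the owner's tx.
        current = self.allowance.get((owner, spender), 0)
        if delta > current:
            raise ValueError("decreased allowance below zero")
        self.allowance[(owner, spender)] = current - delta

    def transfer_from(self, owner, spender, amount):
        current = self.allowance.get((owner, spender), 0)
        if amount > current:
            raise ValueError("insufficient allowance")
        self.allowance[(owner, spender)] = current - amount
        self.spent[spender] = self.spent.get(spender, 0) + amount


def replay(front_run, use_decrease):
    """Owner granted 100 and now wants the spender capped at 50.
    Returns the total the spender ends up moving under the given ordering."""
    a = Allowances()
    a.approve_set("owner", "spender", 100)
    if front_run:
        # Spender's transferFrom of the full old allowance is mined first.
        a.transfer_from("owner", "spender", 100)
    # Owner's transaction lowering the limit is mined next.
    if use_decrease:
        try:
            a.decrease_allowance("owner", "spender", 50)
        except ValueError:
            pass  # reverts on-chain: the 100 was already used, nothing is restored
    else:
        a.approve_set("owner", "spender", 50)
    # Spender then uses whatever allowance remains.
    remaining = a.allowance[("owner", "spender")]
    if remaining:
        a.transfer_from("owner", "spender", remaining)
    return a.spent.get("spender", 0)
```

With the overwrite the spender moves 150 (old plus new allowance); with a relative decrease the owner's transaction reverts once the old allowance is gone, so the spender never exceeds the original 100.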