This repository has been archived by the owner on Sep 3, 2023. It is now read-only.
dipp - Race condition in the approve function of Pool.sol
#215
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
dipp
high
Race condition in the
approvefunction ofPool.solSummary
The
approvefunction inPool.solis vulnerable to a race condition that might allow an approved spender to spend more tokens than intended.Vulnerability Detail
A token holder can change the allowance of a spender by calling the
approvefunction. The spender can front run the call toapproveto spend the previous allowance. When the new allowance is set the spender can transfer more tokens although the owner might have intended for the spender to only be able to spend the new allowance.For example: The owner sets an allowance of 100 tokens for a spender. The owner then decided to decrease the allowance to 50 tokens. The spender sees this and front runs the call to
approveto transfer 100 tokens, reducing the spender's allowance to 0. The call toapprovethen sets the spenders allowance to 50 tokens and the spender is can transfer an additional 50 tokens. The spender transferred 150 tokens instead of the intended 50 tokens.Impact
Spender can transfer more tokens than expected.
Code Snippet
Pool.sol#L299-L303
Tool used
Manual Review
Recommendation
Consider changing the logic of the
approvefunction to increase or decrease the allowance instead of setting it directly.Duplicate of #154
The text was updated successfully, but these errors were encountered: