This is a well-known issue with ERC20. The atomic increase and decrease to allowance also do not fully prevent the attack; it is also a very theoretical attack vector. This should be reduced to 0 Non-Critical.
Handle
JMukesh
Vulnerability details
Impact
In nTokenERC20Proxy.sol there is no decreaseAllowance()/increaseAllowance() function, which makes it prone to double spending. A malicious attacker can execute a double-spend attack on an allowance by front-running the execution of an approve() function that alters the state of a balance.
Proof of Concept
https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/adapters/nTokenERC20Proxy.sol#L100
Tools Used
manual review
Recommended Mitigation Steps
Add increaseAllowance()/decreaseAllowance() functionality
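
Added example (not part of the original report or the sponsor's reply, and not Notional's code): a small Python model of ERC20 allowance accounting that compares lowering an allowance with an overwriting `approve()` against a relative `decreaseAllowance()`, under both transaction orderings. The class, the account names and the amounts (100 lowered to 50) are constructed for illustration.

```python
# Minimal model of ERC20 allowance accounting (constructed; not Notional's code).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}          # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Overwrites the allowance regardless of what was already spent.
        self.allowances[(owner, spender)] = amount

    def decrease_allowance(self, owner, spender, delta):
        # Relative change; reverts if the allowance is already below delta.
        current = self.allowances.get((owner, spender), 0)
        if current < delta:
            raise ValueError("decreased allowance below zero")
        self.allowances[(owner, spender)] = current - delta

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        if self.allowances.get(key, 0) < amount or self.balances[owner] < amount:
            raise ValueError("insufficient allowance or balance")
        self.allowances[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def total_spent(reduce_with, spend_first):
    """Owner lowers a 100 allowance to 50; return what the spender ends up with."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", 100)
    if spend_first:                       # spender's transferFrom is ordered first
        t.transfer_from("spender", "owner", "spender", 100)
    try:
        if reduce_with == "approve":
            t.approve("owner", "spender", 50)
        else:
            t.decrease_allowance("owner", "spender", 50)
    except ValueError:
        pass                              # the owner's transaction reverts
    remaining = t.allowances[("owner", "spender")]
    if remaining:                         # spender uses whatever is left
        t.transfer_from("spender", "owner", "spender", remaining)
    return t.balances.get("spender", 0)


if __name__ == "__main__":
    for how in ("approve", "decrease_allowance"):
        for first in (False, True):
            print(how, "spend ordered first:", first, "->", total_spent(how, first))
```

With the overwriting `approve()`, the unfavourable ordering lets the spender move the old and the new allowance combined; with the relative decrease the owner's transaction reverts and the total stays capped at the original allowance, which is still more than the owner intended.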