Race condition on ERC20 approval #202
Labels
0 (Non-critical)
Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/ERC20Patched.sol#L600-L610
Using approve() to manage allowances opens yourself and users of the token up to frontrunning.
Explanation of this possible attack vector
See also: 0xProject/0x-monorepo#850
Using increase/decreaseAllowance instead is recommended.
The text was updated successfully, but these errors were encountered: