USDT is not supported because of approval mechanism #237
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-198
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L807
Vulnerability details
Impact
When using the approval mechanism in USDT, the approval must be set to 0 before it is updated.
https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#code
When
_tigAsset
is USDT,_handleCloseFees()
should first approve(0) and then re-approve, in order to solve the problem that the user has operated beforeProof of Concept
Tools Used
vscode
Recommended Mitigation Steps
Set the allowance to 0 before setting it to the new value.
The text was updated successfully, but these errors were encountered: