Trading#_handleDeposit won't work with USDT and other tokens that require zero allowance before approval #241
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-198
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L643-L659
Vulnerability details
Impact
USDT and other tokens that require zero allowance before approval will be incompatible as a margin asset.
Proof of Concept
Trading#_handleDeposit is used to pull marginAsset from the trader and deposit it into the correct vault. Before each deposit, it approves the marginAsset to the stableVault and then deposits. This is problematic for assets like USDT, which require the current allowance to be zero. After the first deposit, all following deposits for USDT will revert when trying to make the approve call.
Tools Used
Manual Review
Recommended Mitigation Steps
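The failure described in the Proof of Concept, reduced to a minimal model. This is an added example, not part of the original report and not Tigris code: `ZeroFirstToken`, `MockVault`, `DepositHarness` and their functions are hypothetical names, and the sketch assumes the approved amount is larger than what the vault pulls, so a non-zero allowance remains after the first deposit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed mock: models only the allowance rule of a USDT-style token.
contract ZeroFirstToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external {
        // Changing a non-zero allowance to another non-zero value reverts.
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }

    // Stand-in for transferFrom: the spender consumes part of its allowance.
    function spend(address owner, uint256 value) external {
        allowance[owner][msg.sender] -= value;
    }
}

// Hypothetical vault that pulls `amount` from its caller on deposit.
contract MockVault {
    function deposit(ZeroFirstToken token, uint256 amount) external {
        token.spend(msg.sender, amount);
    }
}

// Hypothetical harness showing approve-then-deposit with and without a reset.
contract DepositHarness {
    ZeroFirstToken public token = new ZeroFirstToken();
    MockVault public vault = new MockVault();

    // Assumption: the approval exceeds the amount pulled, leaving residual allowance.
    // The first call succeeds; every later call reverts inside approve().
    function depositNaive(uint256 amount) external {
        token.approve(address(vault), amount * 2);
        vault.deposit(token, amount);
    }

    // Clearing the allowance first satisfies the token's rule on every call.
    function depositZeroFirst(uint256 amount) external {
        token.approve(address(vault), 0);
        token.approve(address(vault), amount * 2);
        vault.deposit(token, amount);
    }
}
```

Calling `depositNaive(100)` twice on a fresh `DepositHarness` reverts on the second call with "reset to 0 first", while `depositZeroFirst(100)` can be called repeatedly.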