Wrong amount of allowance approval #118
Picodes marked the issue as primary issue
Picodes marked the issue as satisfactory
Picodes marked issue #488 as primary and marked this issue as a duplicate of 488
Picodes changed the severity to 2 (Med Risk)
Picodes changed the severity to QA (Quality Assurance)
This previously downgraded issue has been upgraded by Picodes
Picodes marked the issue as not a duplicate
Picodes marked the issue as duplicate of #488
Lines of code
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626RouterBase.sol#L21
Vulnerability details
Impact
Wrong amount of allowance approval for the mint() function, which leads to two consequences: the mint() function might fail each time due to insufficient allowance approval; or the allowance approved is unnecessarily large, subject to future exploitation.
Proof of Concept
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626RouterBase.sol#L21
The following allowance approval amount is shares, this is wrong since it needs to approve the amount of assets that corresponds to those shares.
Tools Used
Remix
Recommended Mitigation Steps
We need to approve the amount of assets that corresponds to those shares, see below:
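Added example, not the reporter's mitigation code and not code from the Astaria repository: a small Python model of ERC-4626 mint() allowance accounting that shows both consequences described in the report. The Vault class, router_mint helper and the vault states are constructed for illustration, and the asset amount is assumed to come from a previewMint-style calculation that rounds up.

```python
# Added model of ERC-4626 mint() allowance accounting; all names are illustrative.

class InsufficientAllowance(Exception):
    pass


class Vault:
    """Minimal ERC-4626-style vault: share price = total_assets / total_supply."""

    def __init__(self, total_assets, total_supply):
        self.total_assets = total_assets
        self.total_supply = total_supply
        self.allowance = 0  # asset allowance the router has granted to the vault

    def preview_mint(self, shares):
        # Assets needed to mint `shares`, rounded up as ERC-4626 specifies.
        return -(-shares * self.total_assets // self.total_supply)

    def mint(self, shares):
        assets = self.preview_mint(shares)
        if assets > self.allowance:  # the vault's transferFrom would revert here
            raise InsufficientAllowance(f"need {assets}, approved {self.allowance}")
        self.allowance -= assets
        self.total_assets += assets
        self.total_supply += shares
        return assets


def router_mint(vault, shares, approve_assets):
    """Approve, then mint. approve_assets=False models approving `shares`."""
    vault.allowance = vault.preview_mint(shares) if approve_assets else shares
    assets_in = vault.mint(shares)
    return assets_in, vault.allowance  # (assets pulled, allowance left over)


def demo():
    results = {}
    # Constructed states: one share worth 2 assets, then one share worth 0.5.
    for label, assets, supply in (("price>1", 2000, 1000), ("price<1", 500, 1000)):
        for approve_assets in (False, True):
            try:
                vault = Vault(assets, supply)
                results[label, approve_assets] = router_mint(vault, 100, approve_assets)
            except InsufficientAllowance:
                results[label, approve_assets] = "revert"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Approving `shares` reverts when a share is worth more than one asset and leaves a residual allowance of 50 when it is worth less; approving the asset amount succeeds in both states with nothing left over.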