ERC20 approve fail for some tokens #538
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-472
partial-25
Incomplete articulation of vulnerability; eligible for partial credit only (25%)
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/ClearingHouse.sol#L148
Vulnerability details
Impact
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the actual allowance must be approved.
Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
Use approve(0) to set the allowance to zero immediately before existing approve() calls.
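The allowance rule and the zero-first mitigation described in this report, as an added example that is not code from the Astaria repository or from the report's author. `MockZeroFirstToken`, `IApprovable` and `ApproveDemo` are hypothetical names; the mock models only the allowance rule and returns a bool so that nothing else is in play.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Constructed mock: models only the allowance rule described in the report
/// (a non-zero allowance cannot be changed directly to another non-zero value).
contract MockZeroFirstToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        // zero -> X and X -> zero pass; non-zero -> non-zero reverts.
        require(
            amount == 0 || allowance[msg.sender][spender] == 0,
            "reset allowance to zero first"
        );
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

/// Minimal interface assumed for this example.
interface IApprovable {
    function approve(address spender, uint256 amount) external returns (bool);
}

/// Hypothetical caller that grants allowances to a spender more than once.
contract ApproveDemo {
    /// Direct approve: the first call succeeds, but a second call with a
    /// non-zero amount reverts on the mock while the earlier allowance
    /// is still non-zero.
    function approveDirect(IApprovable token, address spender, uint256 amount) external {
        require(token.approve(spender, amount), "approve failed");
    }

    /// Mitigation from the report: approve(0) immediately before the real approve.
    /// Works whether or not a previous allowance is outstanding.
    function approveZeroFirst(IApprovable token, address spender, uint256 amount) external {
        require(token.approve(spender, 0), "reset failed");
        require(token.approve(spender, amount), "approve failed");
    }
}
```

Calling `approveDirect` twice with non-zero amounts against the mock reverts on the second call; calling `approveZeroFirst` any number of times does not.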