Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible race condition when using the approve() functionality. #715

Closed
code423n4 opened this issue Jul 3, 2023 · 2 comments
Closed

Possible race condition when using the approve() functionality. #715

code423n4 opened this issue Jul 3, 2023 · 2 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-784 unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/token/EUSD.sol#L200-L204
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/token/EUSD.sol#L226-L233
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/token/EUSD.sol#L153-L157

Vulnerability details

Impact

There is a gap between the creation of a transaction and the moment it is accepted in the blockchain. Therefore, an attacker can take advantage of this gap to put a contract in a state that advantages them.

Proof of Concept

Suppose Alice has approved Bob to spend 100 tokens on her behalf. She then decides to only approve him for 50 tokens and sends a second approve transaction. However, Bob sees that he's about to be downgraded and quickly submits a transferFrom for the original 100 tokens he was approved for. Additionally he prioritizes it by setting a high fee to ensure it gets executed before Alice's second transaction - approve("Bob", 50). If this transaction gets mined before Alice's second approve, Bob will be able to spend 150 of Alice's tokens.

There's a well known vulnerability with front running the approve function as mentioned in the following resources: 1, 2, 3, 4, 5, 6.

Tools Used

Manual Review

Recommended Mitigation Steps

  • For the ERC20 bug, insist that Alice only be able to approve Bob when he is approved for 0 tokens.

  • Consider use safeIncreaseAllowance and safeDecreaseAllowance.

Assessed type

ERC20
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jul 3, 2023
code423n4 added a commit that referenced this issue Jul 3, 2023
@code423n4
j4ld1na issue #715
9793a34
@c4-pre-sort
Copy link

JeffCX marked the issue as duplicate of #784

@c4-judge
Copy link
Contributor

0xean marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Jul 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-784 unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@code423n4 @c4-judge @c4-pre-sort