Skip to content
This repository has been archived by the owner on Dec 17, 2023. It is now read-only.

Latest commit

 

History

History
37 lines (29 loc) · 2.75 KB

127.md

File metadata and controls

37 lines (29 loc) · 2.75 KB
Raw

XDZIBEC

high

XDZIBEC-approve function does not validate amount parameter allow attacker to transfer tokens.

Summary

The approve() function does not validate the amount parameter, this means that a malicious user could call the approve() function with an amount that is greater than the maximum possible value of a uint256, this would result in the allowance variable being set to an invalid value, which could lead to to transfer tokens from the users to an attacker.

Vulnerability Detail

    function approve(address spender, uint256 amount) external returns (bool);

    /// @notice Transfers `amount` tokens from `sender` to `recipient` up to the allowance given to the `msg.sender`
    /// @param sender The account from which the transfer will be initiated
    /// @param recipient The recipient of the transfer
    /// @param amount The amount of the transfer
    /// @return Returns true for a successful transfer, false for unsuccessful
  • There is a vulnerability in the allowance[msg.sender] = amount; line, the allowance variable is a mapping from addresses to uint256 values, the value of the mapping for msg.sender is being set to amount, the amount parameter is not being validated. this means that a malicious user could call the approve() function with an amount that is greater than the maximum possible value of a uint256, this would result in the allowance variable being set to an invalid value, which could lead to transfer tokens from users to an attacker.

Impact

  • An attacker could exploit contract and leading to lose token and transfer it from users to the attacker.
  • An attacker could exploit this vulnerability :
    • A malicious user creates a contract that has a function that is designed to transfer tokens.
    • The malicious user calls the approve() function on the contract with an amount that is greater than the maximum possible value of a uint256.
    • The allowance variable is set to an invalid value.
    • The malicious user then calls the function on the contract that is designed to transfer tokens.
    • The function fails to transfer the tokens because the allowance variable is set to an invalid value.

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/lib/v3-core/contracts/interfaces/IERC20Minimal.sol#L28C1-L34C79

Tool used

Manual Review

Recommendation

-Adding a validation check to the approve() function, the validation check should ensure that the amount parameter is within the valid range, and to ensure ensure that the amount parameter is not greater than the maximum possible value of a uint256. This will prevent malicious users from exploiting the bug to set the allowance variable to an invalid value