XDZIBEC
high
The `approve()` function does not validate the `amount` parameter. This means that a malicious user could call the `approve()` function with an `amount` that is greater than the maximum possible value of a `uint256`. This would result in the `allowance` variable being set to an invalid value, which could lead to tokens being transferred from users to an attacker.
```solidity
function approve(address spender, uint256 amount) external returns (bool);

/// @notice Transfers `amount` tokens from `sender` to `recipient` up to the allowance given to the `msg.sender`
/// @param sender The account from which the transfer will be initiated
/// @param recipient The recipient of the transfer
/// @param amount The amount of the transfer
/// @return Returns true for a successful transfer, false for unsuccessful
```
- There is a vulnerability in the `allowance[msg.sender] = amount;` line. The `allowance` variable is a mapping from addresses to `uint256` values, and the value of the mapping for `msg.sender` is being set to `amount`. The `amount` parameter is not being validated. This means that a malicious user could call the `approve()` function with an amount that is greater than the maximum possible value of a `uint256`. This would result in the `allowance` variable being set to an invalid value, which could lead to tokens being transferred from users to an attacker.
- An attacker could exploit the contract, leading to the loss of tokens through their transfer from users to the attacker.
- An attacker could exploit this vulnerability:
  - A malicious user creates a contract that has a function that is designed to transfer tokens.
  - The malicious user calls the `approve()` function on the contract with an `amount` that is greater than the maximum possible value of a `uint256`.
  - The `allowance` variable is set to an invalid value.
  - The malicious user then calls the function on the contract that is designed to transfer tokens.
  - The function fails to transfer the tokens because the allowance variable is set to an invalid value.
- A malicious
Manual Review
- Add a validation check to the `approve()` function. The validation check should ensure that the `amount` parameter is within the valid range and is not greater than the maximum possible value of a `uint256`. This will prevent malicious users from exploiting the bug to set the `allowance` variable to an invalid value.