ERC20 Incompatibility: Lender is not protected for the ERC20 approval race condition #3
Assignees
Labels
bug
Something isn't working
Comments
dextracker
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
This is a legitimate known issue for the ERC20 standard implementation ERC20-issue
Vulnerability Detail
Lender is not protected for the ERC20 approval race conditionImpact
The scenario for exploitation is as follows:
Alice calls approve(Bob, 1000), allocating 1000 tokens for Bob to spend
Alice opts to change the amount approved for Bob to spend to a lesser amount via approve(Bob, 500). Once mined, this decreases the number of tokens that Bob can spend to 500.
Bob sees the transaction and calls transferFrom(Alice, X, 1000) before approve(Bob, 500) has been mined.
If Bob’s transaction is mined prior to Alice’s, 1000 tokens will be transferred by Bob.
However, once Alice’s transaction is mined, Bob can call transferFrom(Alice, X, 500), transferring a total of 1500 tokens despite Alice attempting to limit the total token allowance to 500.
Code Snippet
Tool used
SlitherRecommendation
consider using the
safeIncreaseAllowance()/safeDecreaseAllowance()/forceApproval()pattern fromOpenZeppelin/SafeERC20if gas usage is a concern, similar functionality can be achieved by using an
approveOnlyIfBelowThreshold()||approveOnlyIfApprovalZero()pattern, in which approvals are only set if the approval falls below a predefined threshold, or zero.The text was updated successfully, but these errors were encountered: