Low Risk
https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/SmartVaultV3.sol#L198
Use increaseAllowance()
/decreaseAllowance()
instead of approve()
/safeApprove()
Changing an allowance with approve() brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering. Refer to ERC20 API: An Attack Vector on the Approve/TransferFrom Methods. It is recommended to use the increaseAllowance()
/decreaseAllowance()
to avoid this problem.
File: contracts/LiquidationPoolManager.sol
37: eurosToken.approve(pool, _feesForPool);
76: ierc20.approve(pool, erc20balance);
File: contracts/SmartVaultV3.sol
198: IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);
Github: [198]
See #Vulnerability Details
Manual Review
Use increaseAllowance()
/decreaseAllowance()
instead of approve()
/safeApprove()