Skip to content

Latest commit

 

History

History
23 lines (15 loc) · 640 Bytes

027.md

File metadata and controls

23 lines (15 loc) · 640 Bytes
Raw

Swift Rosewood Jellyfish

medium

OptimismRewardCollector uses one step approval for rewardToken .

Summary

See detail.

Vulnerability Detail

Some tokens do not allow for approval of positive amount when allowance is positive already (to handle approval race condition, most known example is USDT).

Impact

approve() will fail to execute on non-standard tokens which require the approval amount to start from zero

Code Snippet

https://github.com/sherlock-audit/2024-04-alchemix/blob/main/v2-foundry/src/utils/collectors/OptimismRewardCollector.sol#L70

Tool used

Manual Review

Recommendation

safeApprove 0 first.