Straight Silver Tortoise
Medium
Incorrect use of msg.sender in the token approval callback will cause the callback to fail for the token contract as any account attempting to approve the token will be rejected since the msg.sender will always be the address of the account trying to approve the tokens, not the token contract itself.
In the code, require(msg.sender == _nativeTokenAddress, "only accept native token approve callback");, the root cause is that msg.sender is being compared to _nativeTokenAddress, expecting the token contract address to call the function, while msg.sender in this context will be the address of the account that wants to approve the tokens.
No response
No response
No response
The token approval callback will always revert, causing users to be unable to approve tokens for transactions. The affected party is the user attempting to approve tokens, resulting in failed approvals and blocking protocol interactions. There is no financial loss, but the functionality is disrupted.
No response
No response