approve()/safeApprove() may revert if the current approval is not zero #74

Open
hats-bug-reporter bot opened this issue Nov 9, 2023 · 0 comments
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@hats-bug-reporter

Github username: @saidqayoumsadat
Submission hash (on-chain): 0x01084ca89022df2e567180e61d19471e12a796e4ee32eeda9c6cd4ed1cdac698
Severity: low

Description:

Calling approve() without first calling approve(0) if the current approval is non-zero will revert with some tokens, such as Tether (USDT). While Tether is known to do this, it applies to other tokens as well, which are trying to protect against this attack vector. safeApprove() itself also implements this protection.
Always reset the approval to zero before changing it to a new value (SafeERC20.forceApprove() does this for you), or use safeIncreaseAllowance()/safeDecreaseAllowance().

file: /contracts/mocks/PoolsManagerMock.sol

```solidity
_asset.approve(address(_target), _amount);     // line 64

_asset.approve(address(_target), _amount * 2); // line 69
```

https://github.com/hats-finance/hats-contracts/blob/0d6ebbde912bc272d9b310140d434ee2aacd36d3/contracts/mocks/PoolsManagerMock.sol#L64

file: /contracts/HATArbitrator.sol

```solidity
_vault.approveClaim(_claimId, 0, address(0)); // line 166
```

https://github.com/hats-finance/hats-contracts/blob/0d6ebbde912bc272d9b310140d434ee2aacd36d3/contracts/HATArbitrator.sol#L166

file: /contracts/HATClaimsManager.sol

```solidity
_asset.safeApprove(address(_registry), claimBounty.hackerHatVested + claimBounty.governanceHat); // line 299

_asset.safeApprove(address(_registry), 0); // line 308
```

https://github.com/hats-finance/hats-contracts/blob/0d6ebbde912bc272d9b310140d434ee2aacd36d3/contracts/HATClaimsManager.sol#L299

@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Nov 9, 2023
@jellegerbrandy jellegerbrandy added the invalid This doesn't seem right label Nov 10, 2023
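
The token behaviour the report describes, as an added example that is not part of the original issue or of the hats-contracts code base. `StrictApproveToken` is a constructed mock that rejects a non-zero-to-non-zero allowance change, and `ApprovalDemo` is a hypothetical caller that contrasts a direct re-approval with a manual reset to zero first.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed mock (not any real token's code): rejects changing a non-zero
// allowance to another non-zero value, the behaviour the report describes.
contract StrictApproveToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        require(amount == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

// Hypothetical caller; all names here are assumptions made for illustration.
contract ApprovalDemo {
    StrictApproveToken public immutable token;

    constructor() {
        token = new StrictApproveToken();
    }

    // Clear any existing allowance before setting the new value, so the call
    // succeeds whatever the current allowance is.
    function resetThenApprove(address spender, uint256 amount) public {
        if (token.allowance(address(this), spender) != 0) {
            token.approve(spender, 0);
        }
        token.approve(spender, amount);
    }

    // Exercises both paths for a non-zero `amount`: `reverted` records whether
    // a direct re-approval over a live allowance failed, and `finalAllowance`
    // is what the reset-first path left in place afterwards.
    function check(address spender, uint256 amount)
        external
        returns (bool reverted, uint256 finalAllowance)
    {
        resetThenApprove(spender, amount); // allowance is now non-zero
        try token.approve(spender, amount * 2) {
            reverted = false;
        } catch {
            reverted = true;
        }
        resetThenApprove(spender, amount * 2);
        finalAllowance = token.allowance(address(this), spender);
    }
}
```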