This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
0xRobocop - FootiumEscrow contract is vulnerable to erc20 approval race conditions #253
Labels
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
High
sherlock-admin
added
Medium
sherlock-admin
added
Non-Reward
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0xRobocop
medium
FootiumEscrow contract is vulnerable to erc20 approval race conditions
Summary
The
setApprovalForERC20function of theFootiumEscrow.solcontract is vulnerable to the ERC20 race condition approval vulnerability.Vulnerability Detail
Details of the vulnerability can be found here
Impact
The vulnerability if exploited can cause the
FootiumEscrow.solcontract to grant approval for a greater amount of tokens than the wanted.Code Snippet
https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumEscrow.sol#L80
Tool used
Manual Review
Recommendation
Allow a function which the club owner can use
increaseAllowanceanddecreaseAllowanceDuplicate of #8
The text was updated successfully, but these errors were encountered: