Insecure `approve` method
niftyorca opened this issue
niftyorca commented
In the `approve` branch, the `approve` function should not overwrite the allowance, but rather increment/decrement it. In the overwriting scenario, exploits are possible by frontrunning the new approval update tx.
Reference
https://swcregistry.io/docs/SWC-114
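The ordering problem described in this issue, as an added example that is not part of the original thread or of the ICRC-1 reference code: a toy in-memory ledger compares an overwriting approve with a relative decrease when the spender's transfer is ordered ahead of the owner's update. All names (`Ledger`, `approve_set`, `decrease_allowance`, `spender_total`) and amounts are hypothetical.

```rust
use std::collections::HashMap;
// Toy ledger (hypothetical; not the ICRC-1 reference code).
#[derive(Default)]
struct Ledger {
    balances: HashMap<&'static str, u64>,
    allowances: HashMap<(&'static str, &'static str), u64>,
}

impl Ledger {
    fn allowance(&self, owner: &'static str, spender: &'static str) -> u64 {
        *self.allowances.get(&(owner, spender)).unwrap_or(&0)
    }
    // Overwriting approve: the pattern the issue calls insecure.
    fn approve_set(&mut self, owner: &'static str, spender: &'static str, amount: u64) {
        self.allowances.insert((owner, spender), amount);
    }
    // Relative update: the owner states a delta, not a new absolute value.
    fn decrease_allowance(&mut self, owner: &'static str, spender: &'static str, by: u64) {
        let cur = self.allowance(owner, spender);
        self.allowances.insert((owner, spender), cur.saturating_sub(by));
    }
    fn transfer_from(&mut self, owner: &'static str, spender: &'static str, amount: u64) -> bool {
        let allowed = self.allowance(owner, spender);
        let bal = *self.balances.get(owner).unwrap_or(&0);
        if amount > allowed || amount > bal { return false; }
        self.allowances.insert((owner, spender), allowed - amount);
        self.balances.insert(owner, bal - amount);
        *self.balances.entry(spender).or_insert(0) += amount;
        true
    }
}

// Owner lowers the allowance from 100 to 50 (constructed amounts) while the
// spender's transfer is ordered first. Returns the spender's final balance.
fn spender_total(use_delta: bool) -> u64 {
    let mut l = Ledger::default();
    l.balances.insert("owner", 1_000);
    l.approve_set("owner", "spender", 100);
    l.transfer_from("owner", "spender", 100); // ordered ahead of the update
    if use_delta { l.decrease_allowance("owner", "spender", 50); }
    else { l.approve_set("owner", "spender", 50); }
    l.transfer_from("owner", "spender", 50); // succeeds only if allowance remains
    *l.balances.get("spender").unwrap_or(&0)
}

fn main() {
    println!("overwrite: {}", spender_total(false));
    println!("delta:     {}", spender_total(true));
}
```

With the overwrite, the spender ends up with more than either allowance the owner ever granted; with the relative decrease, the second transfer is rejected.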
MarioDfinity commented
Hey @niftyorca, the `approve` function won't be part of the ICRC-1 standard and we decided to move the discussion to an extension of the standard. I'll close this for now.