A sender can never remove an approval from a forwarder.

Summary

Once a sender approves a forwarder for a market, the sender can never remove such approval from the forwarder.

Vulnerability Detail

The approveMarketForwarder function allows a sender to approve a forwarder contract to use the sender's address as a sender for a specific market.

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2Context.sol#L87-L96

However, once this approval is authorized, there is no way to revoke such authorization. This is a serious security problem since the sender might lose trust to the forwarder and wants to revoke such authorization.

Impact

A sender can not revoke an approval from a forwarder. When a forwarder becomes malicious or compromised, this can be a a problem.

Code Snippet

See above

Tool used

VSCode

Manual Review

Recommendation

Add a function removeApprovalFromMarketForwarder() so that a sender can remove the approval for a market from a forwarder.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

098.md

098.md

A sender can never remove an approval from a forwarder.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

098.md

Latest commit

History

098.md

File metadata and controls

A sender can never remove an approval from a forwarder.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation