Lack of proper access control in `approveToRouter` function

Summary

Anyone can give unlimited approval to the Uniswap router for any token in the context of USSD contract.

Vulnerability Detail

The approveToRouter function use a maximum uint256 value as the approval amount, effectively granting unlimited spending allowance to the Uniswap router. This function is marked as public and do not have any modifiers, which means anyone can invoke it.

Impact

An attacker can approve any token to the Uniswap router within the context of the USSD contract.

Code Snippet

USSD.sol#L242-246

    function approveToRouter(address _token) public {
        IERC20Upgradeable(_token).approve(
            address(uniRouter),
            0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        );

Tool used

Manual Review

Recommendation

Ensure that approveToRouter function is only accessible by authorized entities

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

047.md

047.md

Lack of proper access control in `approveToRouter` function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

047.md

Latest commit

History

047.md

File metadata and controls

Lack of proper access control in approveToRouter function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Lack of proper access control in `approveToRouter` function