FraxFinance/frax-solidity

FraxPool.sol has an extra approve() on redemption functions

jasonhuan opened this issue · 7 comments

In FraxPool.sol L242, L274-275, L296, there is an extra approve() which is not necessary for transferring the tokens back to the redeemer in collectRedemption(). This bug has been reported by @samczsun.

Link to bug:

collateral_token.approve(msg.sender, collateral_needed);

This bug has been fixed in commit: c476638.

25,000 FXS will be rewarded, subject to bug bounty rules and vesting.
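Added example (not part of the original thread and not FraxPool.sol's code): a simplified Python model of the pattern reported above, showing that the `approve()` leaves the redeemer with a standing allowance on the pool's collateral even after `collectRedemption()` has paid out. The `Token` and `Pool` classes, `redeem`, `pool_allowances`, and the sample values are assumptions made for illustration.

```python
from collections import defaultdict

class Token:
    """Minimal ERC-20 ledger: balances plus (owner, spender) allowances."""
    def __init__(self):
        self.balance = defaultdict(int)
        self.allowance = defaultdict(int)

    def transfer(self, sender, to, amount):
        if self.balance[sender] < amount:
            raise ValueError("insufficient balance")
        self.balance[sender] -= amount
        self.balance[to] += amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

class Pool:
    ADDRESS = "pool"  # constructed address

    def __init__(self, token, extra_approve):
        self.token = token
        self.extra_approve = extra_approve
        self.pending = defaultdict(int)  # redeemer -> collateral owed

    def redeem(self, redeemer, collateral_needed):
        self.pending[redeemer] += collateral_needed
        if self.extra_approve:
            # Models: collateral_token.approve(msg.sender, collateral_needed);
            self.token.approve(self.ADDRESS, redeemer, collateral_needed)

    def collect_redemption(self, redeemer):
        amount, self.pending[redeemer] = self.pending[redeemer], 0
        # transfer() pays the redeemer without consuming any allowance.
        self.token.transfer(self.ADDRESS, redeemer, amount)
        return amount

def pool_allowances(token):
    """Invariant check: every non-zero allowance granted by the pool."""
    return {spender: amt for (owner, spender), amt in token.allowance.items()
            if owner == Pool.ADDRESS and amt}

def residual_after_redemption(extra_approve, amount=100):
    token = Token()
    token.balance[Pool.ADDRESS] = 1_000  # constructed starting balance
    pool = Pool(token, extra_approve)
    pool.redeem("alice", amount)
    pool.collect_redemption("alice")
    return pool_allowances(token)
```

A regression test for the fix can assert that the pool's allowance map is empty after every redemption path.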

@corddry hi, I found an infinite inflation bug, not on Ethereum but because of an L2 intrinsic characteristic where msg.sender can be null. Where should I report it?

Hey @ytrezq, is the bug referring to the same scope and file as fraxpool.sol as before? Or is it a new issue you want to open a new thread on? This issue topic is for a bug back from 2020.

Regardless, you can reach out to me on Telegram for secure communication using this link https://t.me/samkazemian

You can also reach out to Travis Moore on Telegram as well using this link https://t.me/FortisFortuna_89

@samkazemian It’s unrelated, but I don’t think it can be disclosed in public as once becoming a minter, getting infinite supply is a single transaction process.

Understood, @ytrezq. Can you let me know your Telegram username to communicate privately? My Telegram username is @samkazemian (the same as my GitHub and my Twitter).

@samkazemian: OK, I just sent you a message from @ytrezq on Telegram.

Just sent you a message on TG