Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ETHEREUM-CONTRACTS] Non-zero allowance to Superfluid contract could lead to phishing #1193

Open
ngmachado opened this issue Nov 30, 2022 · 0 comments
Open

[ETHEREUM-CONTRACTS] Non-zero allowance to Superfluid contract could lead to phishing #1193

ngmachado opened this issue Nov 30, 2022 · 0 comments
Labels
Project: PROTOCOL-EVMv1 Superfluid protocol EVM v1 implementation in Solidity Type: Security Security related system improvements
Milestone
ethereum-contract...

Comments

@ngmachado
Copy link
Contributor

10. Informational - Non-zero allowance to Superfluid contract could lead to phishing

Non-zero allowances, especially infinite allowances, are generally a concern for users because it implies trusting other addresses with their tokens. No concrete attack vectors were found to leverage such an allowance, but because Super Apps use a custom flowRateAllowance allowance system, enable custom code, and implement callbacks, phishing attacks targeting Superfluid users may use this attack vector.

ref: https://github.com/superfluid-finance/platform-monorepo/issues/76
@hellwolf hellwolf added Tag: TechDebt Technical debt that needs to be addressed Type: Security Security related system improvements and removed Tag: TechDebt Technical debt that needs to be addressed labels Dec 5, 2022
@hellwolf hellwolf changed the title 10. Informational - Non-zero allowance to Superfluid contract could lead to phishing [ETHEREUM-CONTRACTS] 10. Informational - Non-zero allowance to Superfluid contract could lead to phishing Dec 5, 2022
@hellwolf hellwolf added this to the ethereum-contracts security milestone Dec 5, 2022
@hellwolf hellwolf changed the title [ETHEREUM-CONTRACTS] 10. Informational - Non-zero allowance to Superfluid contract could lead to phishing [ETHEREUM-CONTRACTS] Non-zero allowance to Superfluid contract could lead to phishing Dec 5, 2022
@hellwolf hellwolf added the Team: Protocol Protocol Core, Sentinel, Peripherals, Protocol Infrastructure Tools & DevOps label Aug 23, 2023
@hellwolf hellwolf added the Project: PROTOCOL-EVMv1 Superfluid protocol EVM v1 implementation in Solidity label Jan 18, 2024
@hellwolf hellwolf removed the Team: Protocol Protocol Core, Sentinel, Peripherals, Protocol Infrastructure Tools & DevOps label Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Project: PROTOCOL-EVMv1 Superfluid protocol EVM v1 implementation in Solidity Type: Security Security related system improvements
Projects
None yet
Milestone
ethereum-contracts security
Development

No branches or pull requests
2 participants
@hellwolf @ngmachado