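The <code>approve</code> function of ERC-20 is vulnerable to a race condition. By front-running the transaction that changes the <code>allowance</code> value, a spender can spend the previously approved tokens before the new value takes effect, and can then spend the new allowance as well.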
// Stub approve(): accepts any _value above 10 wei and returns true.
// It records no allowance for _spender, so it only mirrors the name and
// argument shape of the ERC-20 function.
// NOTE(review): the enclosing contract header is outside this excerpt.
function approve(address _spender, uint _value) returns (bool success) {
// Reverts unless _value is strictly greater than 10 wei.
require(_value > 10 wei);
return true;
}
// Stub transferFrom(): rejects _value below 20 wei, otherwise returns true.
// No balances or allowances are read or written here.
// NOTE(review): the two-argument signature differs from ERC-20's
// transferFrom(from, to, value); this looks like a fixture stub.
function transferFrom(address _spender, uint _value) returns (bool success) {
// Legacy `throw` aborts the call when _value is under 20 wei.
if (_value < 20 wei) throw;
return true;
}
}
// Sample contract deriving from Token (Token's declaration is not in this excerpt).
// Its approve() carries the report marker for SOLIDITY_ERC20_APPROVE.
// Background for readers: an ERC-20 approve() that overwrites a non-zero allowance
// lets the spender use the old allowance before the change is mined. Common
// mitigations are to set the allowance to zero first and only then set the new
// value, or to expose relative increase/decrease functions instead.
contract New is Token {
// <yes> <report> SOLIDITY_ERC20_APPROVE af782c
function approve(address _spender, uint _value) returns (bool success) {
// Only check performed: _value must exceed 10 wei. No allowance is stored,
// and there is no check of the current allowance before accepting a new value.
require(_value > 10 wei);
return true;
}
// Stub with a two-argument signature; not the ERC-20 transferFrom(from, to, value).
function transferFrom(address _spender, uint _value) returns (bool success) {
// Legacy `throw` aborts the call when _value is under 20 wei.
if (_value < 20 wei) throw;
return true;
}
}
// Sample contract with the same two functions as New but no base contract and
// no report marker.
// NOTE(review): presumably the negative case for SOLIDITY_ERC20_APPROVE (approve()
// outside a token hierarchy) - confirm against the rule definition.
contract New2 {
// Accepts any _value above 10 wei and returns true; stores nothing.
function approve(address _spender, uint _value) returns (bool success) {
require(_value > 10 wei);
return true;
}
// Rejects _value below 20 wei via legacy `throw`, otherwise returns true.
function transferFrom(address _spender, uint _value) returns (bool success) {
if (_value < 20 wei) throw;
return true;
}
}
// Declaration-only sample: approve() has the ERC-20 signature but no body, and
// there is no report marker on it.
// NOTE(review): presumably included to show that a bare interface declaration is
// not reported - confirm against the rule definition.
contract ERC20 {
// Bodiless declaration; implementations are expected to supply the logic.
function approve(address spender, uint256 value) public returns (bool);
}
```
### Abstract Syntax Tree
[Click Here](https://astexplorer.net/#/gist/5ab9ffeb46a2c2d2a26fa4b8bd8f3bc9/2f26b644e3dda96381666e1edecb5e52ffc4ffd4) to view the AST for the above code. Code generated from AST Explorer using _solidity-parser-antlr-0.4.11_