
It seems like the launch of the Geld token by @adamscochran introduced a significant flaw within its _transfer function, which is once again a perfect example of why audits are not complementary but mandatory.
The Geld token incorporates a known pattern where the _transfer function executes specific actions based on certain conditions:

This pattern includes swapping the token for ETH, with portions of the ETH allocated for auto liquidity, team, and revenue purposes:

The issue arises with the approve call before the swap to the router is executed. This function should authorize a designated router to transfer tokens on behalf of the contract:

However, in this case, it mistakenly authorizes the router to transfer tokens from the msg.sender instead of from the contract itself:

This oversight leads to a revert in the swapping mechanism due to the lack of proper approval, and therefore the whole transfer call reverts.
Fortunately, it is possible to just change some parameters such that the condition will not be fulfilled and swapBack is not invoked.
For instance, when selling, the token is transferred to the pair; governance can therefore simply mark the "to" address (the pair) as excluded from the fee, so the condition is not fulfilled and swapBack is not invoked.
This scenario underscores the importance of proper auditing and how often approval mistakes recur, whether as an incorrect allowance check or an incorrect approval grant. Such an issue could have been easily caught with testing. Unfortunately, that was not done.
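The approval mistake and the fee-exclusion workaround described above, reduced to a constructed sketch. This is an added example, not the Geld source: MockRouter, SketchToken, useFix, setExcludedFromFee and the exact swap condition are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed sketch, NOT the Geld source: every name and the swap condition are assumptions.
contract MockRouter {
    // Stands in for the DEX router: pulls the tokens it is asked to swap from its caller.
    function swap(SketchToken token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // msg.sender is the token contract
    }
}

contract SketchToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => bool) public excludedFromFee;
    MockRouter public immutable router;
    address public immutable pair;
    bool public immutable useFix; // false reproduces the behaviour described above
    bool private inSwap;

    constructor(MockRouter r, address p, bool fix) {
        router = r; pair = p; useFix = fix;
        balanceOf[msg.sender] = 1000 ether; balanceOf[address(this)] = 10 ether; // supply + fees awaiting swap
    }
    // Access control omitted for brevity; governance-only in a real token.
    function setExcludedFromFee(address a, bool v) external { excludedFromFee[a] = v; }

    function approve(address spender, uint256 amount) public returns (bool) {
        _approve(msg.sender, spender, amount); // owner is always the external caller
        return true;
    }
    function _approve(address owner, address spender, uint256 amount) internal { allowance[owner][spender] = amount; }
    function transfer(address to, uint256 amount) external returns (bool) { _transfer(msg.sender, to, amount); return true; }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // reverts (underflow) when the allowance is missing
        _transfer(from, to, amount);
        return true;
    }
    function _transfer(address from, address to, uint256 amount) internal {
        if (!inSwap && to == pair && !excludedFromFee[to]) swapBack(); // sell path
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
    function swapBack() internal {
        inSwap = true;
        uint256 amount = balanceOf[address(this)];
        if (useFix) _approve(address(this), address(router), amount); // owner = the contract itself
        else approve(address(router), amount); // bug: writes allowance[msg.sender][router]
        router.swap(this, amount);
        inSwap = false;
    }
}
```

Deployed with useFix = false, any transfer to the pair reverts inside router.swap until setExcludedFromFee(pair, true) is called; deployed with useFix = true, the same transfer succeeds without the workaround. A unit test asserting that a sell succeeds would fail on the first variant.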