Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

safeApprove of openZeppelin is deprecated #25

Open
code423n4 opened this issue Dec 14, 2021 · 1 comment
Open

safeApprove of openZeppelin is deprecated #25

code423n4 opened this issue Dec 14, 2021 · 1 comment
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working

Comments

@code423n4
Copy link
Contributor

Handle

robee

Vulnerability details

You use safeApprove of openZeppelin although it's deprecated.
(see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38)
You should change it to increase/decrease Allowance as OpenZeppilin says.
This appears in the following locations in the code base:

    Deprecated safeApprove in RebalanceManager.sol line 83: IERC20(swap.tokenIn).approve.selector, 
    Deprecated safeApprove in RebalanceManager.sol line 130: IERC20(swap.path[0]).approve.selector, 
    Deprecated safeApprove in RebalanceManagerV2.sol line 69: IERC20(swap.path[0]).approve.selector, 
    Deprecated safeApprove in RebalanceManagerV3.sol line 74: IERC20(path[0]).approve.selector, 
    Deprecated safeApprove in SingleNativeTokenExit.sol line 43: token.approve(spender, uint256(-1)); 
    Deprecated safeApprove in SingleNativeTokenExitV2.sol line 54: token.approve(spender, uint256(-1)); 
    Deprecated safeApprove in SingleTokenJoin.sol line 42: token.approve(spender, uint256(-1)); 
    Deprecated safeApprove in SingleTokenJoinV2.sol line 52: token.approve(spender, uint256(-1)); 
@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working labels Dec 14, 2021
code423n4 added a commit that referenced this issue Dec 14, 2021
@0xleastwood
Copy link
Collaborator

No direct security risk, so marking as non-critical.

@0xleastwood 0xleastwood added 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation and removed 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments labels Jan 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants