[M-6] For some assets, _setProviders will revert if new providers overlap with previous ones.
Description
The _setProviders function has two purposes: setting the providers array with a new set of providers and giving maximum approval for vault assets to all of the new providers.
function _setProviders(ILendingProvider[] memory providers) internal override {
uint256 len = providers.length;
for (uint256 i = 0; i < len;) {
----
IERC20(asset()).approve(
providers[i].approvedOperator(asset(), asset(), debtAsset()), type(uint256).max
);
IERC20(debtAsset()).approve(
providers[i].approvedOperator(debtAsset(), asset(), debtAsset()), type(uint256).max
);
----
}
_providers = providers;
-------
}
This code works for normal tokens, but for tokens that revert on approve if they already have an allowance, it will revert.
For example, USDT.
If a new set of providers have even one provider from the previous, it will revert.
Remediation
Consider resetting allowance to 0 before setting it to the max.
or
Consider using forceApprove from the OZ SafeERC20 library.
[M-6] For some assets, _setProviders will revert if new providers overlap with previous ones.
Description
The _setProviders function has two purposes: setting the providers array with a new set of providers and giving maximum approval for vault assets to all of the new providers.
This code works for normal tokens, but for tokens that revert on
approve
if they already have an allowance, it will revert.For example,
USDT
. If a new set of providers have even one provider from the previous, it will revert.Remediation
Consider resetting allowance to 0 before setting it to the max. or Consider using forceApprove from the OZ SafeERC20 library.