code-423n4 / 2021-06-gro-findings

0 stars 1 forks source link

Two SafeApprove calls when it could be just one #84

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

a_delamo

Vulnerability details

Impact

In LifeGuard3Pool and BaseVaultAdaptor contracts, we are doing two approve calls when we could just use one. Doing two safeApprove calls with value = 0 and after value = max doesn't seem to provide any extra feature.

For example:

        IERC20(_token).safeApprove(address(_vault), 0);
        IERC20(_token).safeApprove(address(_vault), type(uint256).max);

kitty-the-kat commented 3 years ago

causes issues with usdt otherwise - could create separate logic to just deal with usdt, but is non-critical.