code-423n4 / 2021-07-sherlock-findings


Unsafe implementation of `decreaseApproval` of `SherXERC20` #142

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The decreaseApproval method of SherXERC20 is considered unsafe since the allower has no trivial way to know whether the spender transferred any number of tokens from him before a decreaseApproval call is executed. Please refer to the following link for more details.

Proof of Concept

Referenced code: SherXERC20.sol#L79-L83

OpenZeppelin/openzeppelin-contracts - Method decreaseApproval is unsafe

Recommended Mitigation Steps

Consider using increaseAllowance and decreaseAllowance instead. Besides, increaseApproval and decreaseApproval are replaced in the OpenZeppelin library in this commit.
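To make the difference concrete, the following contract is an added illustration (not SherXERC20's code and not OpenZeppelin's) that places the clamping `decreaseApproval` pattern next to the reverting `decreaseAllowance` pattern. It assumes the unsafe variant behaves like the legacy OpenZeppelin implementation referenced above (silently setting the allowance to zero when the subtracted value exceeds it); `spendAllowance` is a hypothetical helper standing in for the allowance-consuming part of `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Minimal allowance bookkeeping used only to contrast the two patterns.
contract AllowanceDemo {
    mapping(address => mapping(address => uint256)) private _allowances;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) public view returns (uint256) {
        return _allowances[owner][spender];
    }

    function approve(address spender, uint256 amount) public returns (bool) {
        _allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    /// Hypothetical stand-in for the allowance consumption inside transferFrom:
    /// the spender (msg.sender) uses up part of the allowance granted by `owner`.
    function spendAllowance(address owner, uint256 amount) public {
        uint256 current = _allowances[owner][msg.sender];
        require(current >= amount, "insufficient allowance");
        unchecked { _allowances[owner][msg.sender] = current - amount; }
        emit Approval(owner, msg.sender, current - amount);
    }

    /// UNSAFE pattern (legacy decreaseApproval semantics, as assumed here): if the
    /// spender already consumed the allowance before this call is mined, the
    /// allowance is clamped to zero and the call still succeeds, so the owner
    /// gets no signal that tokens were moved in the meantime.
    function decreaseApproval(address spender, uint256 subtractedValue) public returns (bool) {
        uint256 oldValue = _allowances[msg.sender][spender];
        uint256 newValue = subtractedValue >= oldValue ? 0 : oldValue - subtractedValue;
        _allowances[msg.sender][spender] = newValue;
        emit Approval(msg.sender, spender, newValue);
        return true;
    }

    /// SAFE pattern (OpenZeppelin decreaseAllowance semantics): reverts when the
    /// current allowance is below `subtractedValue`, so a spend that landed
    /// first surfaces as a failed transaction the owner can react to.
    function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
        uint256 current = _allowances[msg.sender][spender];
        require(current >= subtractedValue, "ERC20: decreased allowance below zero");
        unchecked { _allowances[msg.sender][spender] = current - subtractedValue; }
        emit Approval(msg.sender, spender, current - subtractedValue);
        return true;
    }
}
```

Walking the scenario from the finding: after `approve(spender, 100)` and a front-running `spendAllowance(owner, 100)` by the spender, `decreaseApproval(spender, 100)` returns `true` with the allowance at 0, whereas `decreaseAllowance(spender, 100)` reverts and the owner learns the allowance was already used.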

Evert0x commented 3 years ago

117

ghoul-sol commented 3 years ago

Duplicate of #117 so low risk