Open code423n4 opened 3 years ago
hickuphh3
This was probably an oversight since
safeApprove()
using SafeERC20Upgradeable for IERC20Upgradeable;
Change
cvxToken.approve(address(cvxRewardsPool), MAX_UINT_256);
to
cvxToken.safeApprove(address(cvxRewardsPool), MAX_UINT_256);
Agree with finding
We ended up using safeApprove as suggested
Handle
hickuphh3
Vulnerability details
Impact
This was probably an oversight since
safeApprove()
for token approvalsusing SafeERC20Upgradeable for IERC20Upgradeable;
was declaredRecommended Mitigation Steps
Change
cvxToken.approve(address(cvxRewardsPool), MAX_UINT_256);
to
cvxToken.safeApprove(address(cvxRewardsPool), MAX_UINT_256);