search

code-423n4 / 2021-09-bvecvx-findings

0 stars 0 forks source link

StrategyCvxHelper: safeApprove instead of approve #33

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

hickuphh3

Vulnerability details

Impact

This was probably an oversight since

Recommended Mitigation Steps

Change

cvxToken.approve(address(cvxRewardsPool), MAX_UINT_256);

to

cvxToken.safeApprove(address(cvxRewardsPool), MAX_UINT_256);

GalloDaSballo commented 3 years ago

Agree with finding

GalloDaSballo commented 3 years ago

We ended up using safeApprove as suggested