Clearwood
commented
3 years ago Do you have a list of tokens with this problem? In normal cases this is problematic as it leads to increased costs
Open code423n4 opened 3 years ago
Clearwood
commented
3 years ago Do you have a list of tokens with this problem? In normal cases this is problematic as it leads to increased costs
ghoul-sol
commented
3 years ago making this a non-critical as it is best practices recommendation
Handle
leastwood
Vulnerability details
Impact
Some tokens require resetting approval to
0before another value in order to prevent frontrunning of theapprove()function. Openzeppelin'ssafeApproveimplementation ensures twoapprove()calls are made, enabling all tokens to be used inMISOMarket.solandMISOLauncher.Proof of Concept
https://github.com/sushiswap/miso/blob/master/contracts/MISOMarket.sol#L285 https://github.com/sushiswap/miso/blob/master/contracts/MISOLauncher.sol#L282
Tools Used
Manual code review
Recommended Mitigation Steps
Consider using Openzeppelin's implementation of
safeApprovefor allapprove()calls.