GalloDaSballo
commented
2 years ago Disagree with the finding as the function safeApprove is deprecated in new version of OZ, we are using 0.6.12, also we're using the function to see the allowance once which is absolutely fine
0xleastwood
Handle
pants
Vulnerability details
You use safeApprove of openZeppelin although it's deprecated. (see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38) IERC20(DAI).approve(address(uniswap), amount);
(For example IbbtcVaultZap Initialize function)