Handle
itsmeSTYJ
Vulnerability details
Impact
The countless DeFi hacks have shown that the reason why some of these contracts were exploited is because they:
- gave other core contracts unlimited token allowance
- users gave the contracts unlimited token allowance
Proof of Concept
Even though it is more expensive, it is IMO always better to give just enough allowance to execute the transferFrom. A quick Ctrl+F search for uint256(-1) will show you which contracts should be updated.
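The search step above as a small script, added here as an example and not part of the original report. It goes beyond the literal uint256(-1) to equivalent spellings of the maximum value, and separates hits inside approve-style calls from other uses such as constants. SAMPLE is constructed input; the function names and the list of approve-style calls are this example's own assumptions.

```python
import re

# Only uint256(-1) is from the report; the other spellings are equivalents added here.
MAX_UINT = re.compile(
    r"\buint(?:256)?\s*\(\s*-\s*1\s*\)"               # uint256(-1), uint(-1)
    r"|\btype\s*\(\s*uint(?:256)?\s*\)\s*\.\s*max\b"  # type(uint256).max
    r"|~\s*uint(?:256)?\s*\(\s*0\s*\)"                # ~uint256(0)
    r"|\b2\s*\*\*\s*256\s*-\s*1\b"                    # 2**256 - 1
)
APPROVE = re.compile(r"\b(approve|safeApprove|increaseAllowance|safeIncreaseAllowance)\s*\(")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)  # does not special-case string literals
SAMPLE = """\
contract Router {  // constructed sample, not project code
    uint256 constant MAX = uint256(-1);
    function init(IERC20 t, address vault) external {
        t.approve(vault, uint256(-1));  // unlimited
        t.safeApprove(vault, 100);  // exact allowance
        t.approve(address(vault), type(uint256).max);
    }
}
"""

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: "\n" * m.group().count("\n"), src)

def call_args(src, start):
    """Text between the '(' at src[start] and its matching ')'."""
    depth = 0
    for i in range(start, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[start + 1:i]
    return src[start + 1:]  # unbalanced input: take the rest

def find_unlimited_approvals(src):
    """Return sorted (line, kind, text) findings for one Solidity source."""
    code = strip_comments(src)
    line_of = lambda pos: code.count("\n", 0, pos) + 1
    findings, covered = [], []
    for m in APPROVE.finditer(code):
        args = call_args(code, m.end() - 1)
        if MAX_UINT.search(args):  # max value passed directly to an approve-style call
            findings.append((line_of(m.start()), "approve", m.group(1)))
            covered.append((m.end(), m.end() + len(args)))
    for m in MAX_UINT.finditer(code):  # remaining hits, e.g. a MAX constant to trace by hand
        if not any(a <= m.start() < b for a, b in covered):
            findings.append((line_of(m.start()), "literal", m.group()))
    return sorted(findings)
```

A "literal" finding marks a max-value constant or expression outside an approve call; trace where that name is used, since it may still end up as an allowance.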