0xleastwood
commented
2 years ago This is a UX prioritisation. It doesn't make sense to reapprove on each call as there are no tokens in the contract. Will make this non-critical.
Open code423n4 opened 2 years ago
0xleastwood
commented
2 years ago This is a UX prioritisation. It doesn't make sense to reapprove on each call as there are no tokens in the contract. Will make this non-critical.
Handle
itsmeSTYJ
Vulnerability details
Impact
The countless defi hacks have shown that the reason why some of these contracts were exploited is because they:
Proof of Concept
Even though it is more expensive, it is IMO always better to give just enough allowance to execute the transferFrom. A quick ctrl + f search for uint256(-1) will show you which contracts should be updated.