Closed code423n4 closed 2 years ago
gzeon
safeApprove is deprecated, see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38
safeApprove
$grep "safeApprove" -R -n ./contracts ./contracts/Factory.sol:112: token.safeApprove(address(newBasket), bProposal.weights[i]); ./contracts/Basket.sol:276: IERC20(tokens[i]).safeApprove(spender, 0); ./contracts/Basket.sol:277: IERC20(tokens[i]).safeApprove(spender, type(uint256).max);
https://github.com/code-423n4/2021-12-defiprotocol-findings/issues/177
Handle
gzeon
Vulnerability details
Impact
safeApprove
is deprecated, see https://github.com/OpenZeppelin/openzeppelin-contracts/blob/566a774222707e424896c0c390a84dc3c13bdcb2/contracts/token/ERC20/utils/SafeERC20.sol#L38Proof of Concept