code-423n4 / 2022-01-trader-joe-findings


Unchecked return value for `ERC20.approve` call #244

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

There are many functions across the codebase that will perform an ERC20.approve() call but do not check the success return value. Some tokens do not revert if the approval failed but return false instead.

Instances include:

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L407-L408

        WAVAX.approve(address(router), wavaxReserve);
        token.approve(address(router), tokenAllocated);

It is usually good to add a require statement that checks the return value or to use something like SafeERC20#safeIncreaseAllowance(), unless one is sure the given token reverts in case of a failure.
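To illustrate the finding, here is an added example (not code from the Trader Joe repository or the report author): a constructed token whose `approve` returns `false` instead of reverting, next to the unchecked call pattern and the two mitigations the report suggests. Contract and function names are hypothetical; the `SafeERC20` import assumes OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed token for demonstration: signals approval failure by
// returning false rather than reverting, as the finding describes.
contract FalseReturningToken {
    mapping(address => mapping(address => uint256)) public allowance;
    bool public approvalsEnabled;

    function setApprovalsEnabled(bool enabled) external {
        approvalsEnabled = enabled;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        if (!approvalsEnabled) return false; // silent failure, no revert
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

contract AllowanceExample {
    using SafeERC20 for IERC20;

    // Vulnerable pattern: the bool is discarded, so a false return leaves the
    // allowance unchanged while execution continues as if it had succeeded.
    function approveUnchecked(IERC20 token, address router, uint256 amount) external {
        token.approve(router, amount);
    }

    // Mitigation 1: check the return value explicitly.
    function approveChecked(IERC20 token, address router, uint256 amount) external {
        require(token.approve(router, amount), "approve failed");
    }

    // Mitigation 2: SafeERC20 reverts on a false return and also tolerates
    // tokens whose approve returns no value at all.
    function approveSafe(IERC20 token, address router, uint256 amount) external {
        token.safeIncreaseAllowance(router, amount);
    }
}
```

With `approvalsEnabled` left false, `approveUnchecked` completes normally and the allowance stays at zero, while `approveChecked` and `approveSafe` both revert.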

cryptofish7 commented 2 years ago

Duplicate of #154