devtooligan
commented
2 years ago I'm not sure why the warden is saying setApprovals is not required.
As for the first approve with 0, I believe that is specifically required by the contract
Closed code423n4 closed 2 years ago
devtooligan
commented
2 years ago I'm not sure why the warden is saying setApprovals is not required.
As for the first approve with 0, I believe that is specifically required by the contract
GalloDaSballo
commented
2 years ago While the merits of a refactoring could be explored (but the warden didn't really do that), there can be gas savings by deleting the code, but that would happen at a loss of functionality.
For that reason am marking the finding invalid
Handle
0x1f8b
Vulnerability details
Impact
Gas saving.
Proof of Concept
The public method
ConvexStakingWrapper.setApprovalsis not required, also the first approve with 0 is not required, because is not possible to changecurveToken,convexBooster,convexTokenandconvexPool, approving once it's enough, so there is no need to have this public method.Tools Used
Manual review.
Recommended Mitigation Steps
Remove
setApprovalsand theIERC20(curveToken).approve(convexBooster, 0);