Closed code423n4 closed 2 years ago
I'm not sure why the warden is saying setApprovals is not required.
As for the first approve with 0, I believe that is specifically required by the contract
While the merits of a refactoring could be explored (but the warden didn't really do that), there can be gas savings by deleting the code, but that would happen at a loss of functionality.
For that reason am marking the finding invalid
Handle
0x1f8b
Vulnerability details
Impact
Gas saving.
Proof of Concept
The public method
ConvexStakingWrapper.setApprovals
is not required, also the first approve with 0 is not required, because is not possible to changecurveToken
,convexBooster
,convexToken
andconvexPool
, approving once it's enough, so there is no need to have this public method.Tools Used
Manual review.
Recommended Mitigation Steps
Remove
setApprovals
and theIERC20(curveToken).approve(convexBooster, 0);