code-423n4 / 2022-06-notional-coop-findings


QA Report #208

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

1. Missing approve(0) when minting an fCash position from NotionalTradeModule.sol

Line References

NotionalTradeModule.sol#L493-L505

Impact

The _approve function in NotionalTradeModule.sol calls the SetToken's invoke function, which calls approve for the sendToken if the allowance of the wrapped fCash position is less than the maxAssetAmount. If the sendToken is an ERC token with a non-standard approve function, such as USDT, then the approval might fail if the allowance of the fCash is more than 0 but less than _maxAssetAmount.

Recommended Mitigation Steps

Consider calling the _sendToken's approve function to set the allowance of the fCash position to 0 before approving to _maxAssetAmount.

2. Missing zero-address checks

Line References

NotionalTradeModule.sol#L131

WrappedfCashFactory.sol#L17

wfCashBase.sol#L29

Impact

To ensure that necessary variable addresses aren't set to the zero-address, consider adding zero-address checks for all addresses supplied as input to the constructors.
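
The two findings above, sketched as an added example that is not part of the report or of the project's code. `MockNonStandardToken` is a constructed stand-in for a USDT-style token, and `ApprovalExample`, `approveDirect` and `approveWithReset` are hypothetical names; the real module routes the approve call through the SetToken's invoke function, which is omitted here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;
// Constructed mock (not USDT's source): approve() returns no value and
// reverts when changing one non-zero allowance directly to another.
contract MockNonStandardToken {
    mapping(address => mapping(address => uint256)) public allowance;
    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}

// Hypothetical caller standing in for a module that approves a wrapped fCash position.
contract ApprovalExample {
    address public immutable token;   // plays the role of the sendToken
    address public immutable spender; // plays the role of the wrapped fCash position

    constructor(address _token, address _spender) {
        // Finding 2: reject zero addresses at construction time.
        require(_token != address(0), "token is zero address");
        require(_spender != address(0), "spender is zero address");
        token = _token;
        spender = _spender;
    }

    // Finding 1, the reported pattern: reverts on the mock when 0 < allowance < _maxAssetAmount.
    function approveDirect(uint256 _maxAssetAmount) external {
        if (_allowance() < _maxAssetAmount) _callApprove(_maxAssetAmount);
    }

    // Finding 1, the recommended mitigation: clear a leftover allowance first.
    function approveWithReset(uint256 _maxAssetAmount) external {
        uint256 current = _allowance();
        if (current < _maxAssetAmount) {
            if (current != 0) _callApprove(0);
            _callApprove(_maxAssetAmount);
        }
    }

    function _allowance() internal view returns (uint256) {
        return MockNonStandardToken(token).allowance(address(this), spender);
    }

    // Low-level call tolerates tokens whose approve() returns nothing.
    function _callApprove(uint256 amount) internal {
        (bool ok, bytes memory ret) = token.call(abi.encodeWithSignature("approve(address,uint256)", spender, amount));
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }
}
```

Calling `approveDirect(100)` and then `approveDirect(200)` against the mock reverts on the second call, while the same sequence through `approveWithReset` succeeds.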