code-423n4 / 2023-06-xeth-mitigation-findings

M-04 MitigationConfirmed #12

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Comments

The issue shows that the safeApprove function from OpenZeppelin SafeERC20 will revert if the current allowance is not zero when approving tokens. It will DoS the addLiquidity and addLiquidityOnlyStETH functions of AMO.

The mitigation commit replaces all the safeApprove functions with the standard approve function. It's valid.

Suggestion

The OpenZeppelin SafeERC20 library provides wrappers around ERC20 operations that throw on failure (when the token contract returns false). If you really want to avoid some ERC20 tokens with non-standard implementations, you can use safeApprove like:

erc20.safeApprove(addr, 0);
erc20.safeApprove(addr, value);

But in practice, safeApprove has been marked as "Deprecated". Use safeIncreaseAllowance and safeDecreaseAllowance instead.
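
An added example, not code from the xETH repository or from the comment's author: a self-contained Solidity model of the failure mode discussed in this thread. MockToken, MockPool and Depositor are hypothetical names, and the pool pulling less than the approved amount is a constructed assumption that leaves a non-zero allowance behind.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Constructed model, not the xETH AMO code. Balances are omitted on purpose.
contract MockToken {
    mapping(address => mapping(address => uint256)) public allowance;
    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
    function transferFrom(address from, address, uint256 value) external returns (bool) {
        allowance[from][msg.sender] -= value;
        return true;
    }
}

contract MockPool {
    // Assumption: the pool pulls less than it was approved for, leaving a residue.
    function addLiquidity(MockToken token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount / 2);
    }
}

contract Depositor {
    // Same precondition as SafeERC20.safeApprove in OpenZeppelin 4.x.
    function _safeApprove(MockToken token, address spender, uint256 value) internal {
        require(value == 0 || token.allowance(address(this), spender) == 0,
            "SafeERC20: approve from non-zero to zero allowance");
        require(token.approve(spender, value), "approve failed");
    }

    // Second call reverts: the first left amount/2 of allowance behind.
    function depositUnsafe(MockToken token, MockPool pool, uint256 amount) external {
        _safeApprove(token, address(pool), amount);
        pool.addLiquidity(token, amount);
    }

    // Reset-then-set, as in the comment above: succeeds on every call.
    function depositReset(MockToken token, MockPool pool, uint256 amount) external {
        _safeApprove(token, address(pool), 0);
        _safeApprove(token, address(pool), amount);
        pool.addLiquidity(token, amount);
    }

    // Plain approve overwrites the residue, as the mitigation does.
    function depositApprove(MockToken token, MockPool pool, uint256 amount) external {
        require(token.approve(address(pool), amount), "approve failed");
        pool.addLiquidity(token, amount);
    }
}
```

Deploy the three contracts in Remix or a Foundry test and call each deposit function twice with the same non-zero amount on a fresh Depositor: only depositUnsafe reverts on its second call.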

c4-judge commented 1 year ago

kirk-baird marked the issue as satisfactory

c4-judge commented 1 year ago

kirk-baird marked the issue as confirmed for report