crytic / slither

Static Analyzer for Solidity and Vyper
https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/
GNU Affero General Public License v3.0

slither-check-erc: detect if the token allows transfer to zero #603

Open montyly opened 4 years ago

montyly commented 4 years ago

If the token reverts when the value is zero, it might break third-party integration.

Additionally, several tokens require the approval to be zero before calling approve with a non-zero value, to prevent the ERC20 race condition. We could also report it.

It's probably worth updating our token integration checklist with these items.
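The two token behaviours described in the comment above, next to an integration that tolerates them. This is an added example, not part of the original comment and not Slither or Trail of Bits code. `IERC20Like`, `QuirkyToken` and `TolerantIntegrator` are hypothetical names, the token is constructed for illustration, and it is assumed to return a `bool` from `transfer` and `approve`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all contract and function names here are hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 value) external returns (bool);
    function approve(address spender, uint256 value) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Minimal constructed token showing both behaviours from the issue.
contract QuirkyToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000_000; }

    function transfer(address to, uint256 value) external returns (bool) {
        require(value > 0, "zero value"); // behaviour 1: reverts on a zero-value transfer
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        return true;
    }

    function approve(address spender, uint256 value) external returns (bool) {
        // behaviour 2: a non-zero allowance must be reset to zero before it is changed
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to zero first");
        allowance[msg.sender][spender] = value;
        return true;
    }
}

// Integration written so that neither behaviour makes its calls revert.
contract TolerantIntegrator {
    function payout(IERC20Like token, address to, uint256 amount) external {
        if (amount == 0) return; // never issue a zero-value transfer
        require(token.transfer(to, amount), "transfer failed");
    }

    function setAllowance(IERC20Like token, address spender, uint256 amount) external {
        // Clear any existing allowance first, then set the new non-zero value.
        if (token.allowance(address(this), spender) != 0) {
            require(token.approve(spender, 0), "reset failed");
        }
        if (amount != 0) require(token.approve(spender, amount), "approve failed");
    }
}
```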

Alexintosh commented 4 years ago

Great to see this might be supported soon.