Closed sherlock-admin closed 1 year ago
hansfriese

medium

ERC20.approve() is missing the return value check.

Summary

ERC20.approve() is missing the return value check.

Vulnerability Detail

ERC20.approve() is missing the return value check.
Some ERC20 tokens don't revert if the approval fails but return false instead.
In this protocol, there are no special requirements for the ERC20 token, and it might work unexpectedly with such weird tokens.

Impact

Tokens that don't actually perform the approve and return false are still counted as a correct approve.

Code Snippet

Tool used

Manual Review

Recommendation

Recommend using OpenZeppelin's SafeERC20 library with safeIncreaseAllowance() and safeDecreaseAllowance.
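
The unchecked pattern described in this finding next to the recommended SafeERC20 calls, as an added example that is not the audited protocol's code or part of the original report. FalseReturningToken and AllowanceExample are hypothetical names, and the imports assume OpenZeppelin Contracts 5.x is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed test token (hypothetical): approve() never reverts and never
// records an allowance; it only signals failure through its return value.
contract FalseReturningToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address, uint256) external pure returns (bool) {
        return false;
    }
}

// Hypothetical integration contract showing each call style.
contract AllowanceExample {
    using SafeERC20 for IERC20;

    // Pattern from the finding: the bool result is discarded, so a token
    // that returns false leaves the allowance unchanged without a revert.
    function approveUnchecked(IERC20 token, address spender, uint256 amount) external {
        token.approve(spender, amount);
    }

    // Manual check: reverts when the token reports failure. It also reverts
    // on tokens whose approve() returns no data, because the ABI decoder
    // expects a bool.
    function approveChecked(IERC20 token, address spender, uint256 amount) external {
        require(token.approve(spender, amount), "approve failed");
    }

    // Recommended form: SafeERC20 reverts if the call fails or returns
    // false, and accepts tokens that return no data.
    function increase(IERC20 token, address spender, uint256 amount) external {
        token.safeIncreaseAllowance(spender, amount);
    }

    function decrease(IERC20 token, address spender, uint256 amount) external {
        token.safeDecreaseAllowance(spender, amount);
    }
}
```

Called with a FalseReturningToken, approveUnchecked() completes while allowance stays 0, whereas approveChecked() and increase() revert.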