Deivitto
medium
ERC20 approve fails for some tokens
Summary
Some tokens (like USDT) do not work when changing the allowance from an existing non-zero allowance value. The allowance must first be approved to zero, and then the actual allowance must be approved.
Also, approve() will fail for certain token implementations that do not return a boolean value. Hence it is recommended to use increaseAllowance() and decreaseAllowance().
Vulnerability Detail
approve reverts for tokens like USDT if not first approved to 0.
approve is used inconsistently across the code, which is not considered best practice.
Impact
Reverts with some tokens like USDT; the return value of approve goes unnoticed.
Code Snippet
USDT fails if the allowance is not first set to 0:
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/governance/UXDGovernor.sol#L198
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/governance/UXDTimelockController.sol#L52
The return value of approve is ignored:
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L198
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L286
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L394
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L627
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/rage-trade/RageDnDepository.sol#L108
Tool used
Manual Review
Recommendation
approve to 0 before approve.
Use increaseAllowance and decreaseAllowance instead of approve.
revert/emit events if needed.
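One way to combine the zero-first approval and the return-value check described above, as an added example that is not code from the audited repository. The interface, library, error and function names are hypothetical, and the helper assumes the calling contract is the allowance owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example: hypothetical helper, not part of the audited code base.
interface IERC20Minimal {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

library ApproveHelper {
    error ApproveFailed(address token, address spender, uint256 amount);

    // Low-level approve that accepts both return styles:
    //  - empty return data (tokens whose approve returns nothing), or
    //  - exactly one ABI-encoded bool, which must be true.
    // A plain interface call would revert when decoding the missing bool.
    function _callApprove(address token, address spender, uint256 amount)
        private
        returns (bool)
    {
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.approve.selector, spender, amount)
        );
        if (!ok) return false;
        // Empty return data only counts as success if `token` is a contract.
        if (ret.length == 0) return token.code.length > 0;
        return ret.length == 32 && abi.decode(ret, (bool));
    }

    // Set the allowance of `spender` to `amount`. When a non-zero allowance
    // already exists, reset it to zero first, as tokens like USDT require.
    function safeSetAllowance(address token, address spender, uint256 amount) internal {
        uint256 current = IERC20Minimal(token).allowance(address(this), spender);
        if (current == amount) return;

        if (current != 0 && amount != 0) {
            if (!_callApprove(token, spender, 0)) {
                revert ApproveFailed(token, spender, 0);
            }
        }
        if (!_callApprove(token, spender, amount)) {
            revert ApproveFailed(token, spender, amount);
        }
    }
}
```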