_ensureApprove() performs an ERC20.approve() call but does not check the success return value.
Some tokens do not revert if the approval failed but return false instead.
Impact
Tokens that don't actually perform the approve and return false are still counted as a correct approve.
PRAISE
medium
The return value of approve not checked
Summary
ERC20 missing return value check
Vulnerability Detail
_ensureApprove() performs an ERC20.approve() call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead.
Impact
Tokens that don't actually perform the approve and return false are still counted as a correct approve.
Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/utils/EnsureApprove.sol#L22-L23
Tool used
Manual Review
Recommendation
I recommend putting the ERC20.approve() call in a require statement.