Allowance is not set to zero first before approving
Summary
approveTokens did not Approve to zero first. Some ERC20 tokens like USDT require resetting the approval to 0 first before being able to reset it to another value.
Vulnerability Detail
Some non-standard ERC20 tokens, such as USDT, require approve 0 first, otherwise they will revert. The approveTokens method in SdtUtilities is not handling this case which makes the modules incompatible with these tokens.
chainNue
medium
Allowance is not set to zero first before approving
Summary
approveTokens
did not Approve to zero first. Some ERC20 tokens like USDT require resetting the approval to 0 first before being able to reset it to another value.Vulnerability Detail
Some non-standard ERC20 tokens, such as USDT, require approve 0 first, otherwise they will revert. The
approveTokens
method inSdtUtilities
is not handling this case which makes the modules incompatible with these tokens.On Readme, it states, it will support USDT, thus this issue should be a valid medium one.
Impact
SdtUtilities is not compatible with certain ERC20 tokens for example USDT
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/utils/SdtUtilities.sol#L214-L221
Tool used
Manual Review
Recommendation
It is recommended to set the allowance to zero before increasing the allowance and use safeApprove/safeIncreaseAllowance.
Duplicate of #35