Dev declare that USDT could be used in the future, that's why the safeApprove should be used in the bridgePool function to eliminate the revert/problems with the popular USDT behaviour.
Impact
revert
Code Snippet
function bridgePool(uint256 _pid) external {
if (!isFarmingEnded() || !isWithdrawPeriodEnded() || isBridged[_pid]) {
revert Unauthorized();
}
updatePool(_pid);
PoolInfo storage pool = poolInfo[_pid];
uint256 depositAmount = pool.depositAmount;
if (depositAmount == 0 || address(bridge) == address(0) || pool.l2Farm == address(0)) {
revert BridgeInvalid();
}
IERC20 lpToken = pool.lpToken;
//@audit safeApprove should be used instead.
lpToken.approve(address(bridge), depositAmount);
ArsenLupin
medium
Use safeApprove in the bridgePool instead
Summary
Vulnerability Detail
Dev declare that USDT could be used in the future, that's why the safeApprove should be used in the bridgePool function to eliminate the revert/problems with the popular USDT behaviour.
Impact
revert
Code Snippet
Tool used
Manual Review
Recommendation
safeApprove