sujithsomraaj / lifi-stargate-v2-audit

3 Day Review [10 Jun 2024 - 13 Jun 2024]

Use `safeApprove` instead of `approve` #4

Open sujithsomraaj opened 5 months ago

sujithsomraaj commented 5 months ago

Context: StargateFacetV2.sol#L125, StargateFacetV2.sol#L128

Description: StargateV2Facet occasionally has to approve the Stargate router contract. The contract inherits SafeTransferLib from the Solady library, but it is left unused.

```solidity
if (currentAllowance < _bridgeData.minAmount) {
    // check if allowance is 0
    if (currentAllowance != 0) {
        sendingAsset.approve(routerAddress, 0);
    }
    // set allowance to uintMax
    sendingAsset.approve(routerAddress, type(uint256).max);
}
```

Recommendation: Consider using the safeApprove function from Solady to avoid incompatibility with unusual token implementations like USDT on the mainnet.

LI.FI:

Researcher:

0xDEnYO commented 5 months ago

You are absolutely right. That was an oversight. Added it. Closing this issue.
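The incompatibility behind this finding, as an added example that is not part of the issue thread or the LI.FI code base. `NoReturnToken` is a constructed mock whose `approve` returns no value, and `IERC20Like`, `ApproveDemo` and `checkedApprove` are hypothetical names showing the return-data check a safe-approve wrapper performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Constructed mock: approve() returns nothing, and a non-zero allowance
// must be reset to 0 before a new non-zero value is accepted.
contract NoReturnToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        require(amount == 0 || allowance[msg.sender][spender] == 0, "reset first");
        allowance[msg.sender][spender] = amount;
    }
}

contract ApproveDemo {
    // Reverts against NoReturnToken: the interface promises a bool, so the
    // caller's ABI decoder expects 32 bytes of return data and receives none.
    function plainApprove(address token, address spender, uint256 amount) external {
        IERC20Like(token).approve(spender, amount);
    }

    // Hypothetical helper (not Solady's code): the call must succeed, and the
    // return data must be either empty or an ABI-encoded `true`.
    function checkedApprove(address token, address spender, uint256 amount) public {
        require(token.code.length != 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.approve.selector, spender, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "approve failed");
    }

    // Same flow as the snippet in the issue, routed through the checked call.
    function maxApprove(address token, address spender, uint256 minAmount) external {
        uint256 current = IERC20Like(token).allowance(address(this), spender);
        if (current < minAmount) {
            if (current != 0) checkedApprove(token, spender, 0);
            checkedApprove(token, spender, type(uint256).max);
        }
    }
}
```

Against `NoReturnToken`, `plainApprove` reverts while `maxApprove` sets the allowance; a token that returns `false` from `approve` fails `checkedApprove` instead of being silently accepted.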