Open Zena-park opened 1 day ago
Thanks @Zena-park for this recommendation. Here is the code update: Link. Let me know if I should modify anything :)
The current 'onApprove' code is for when the caller is WTON, but what I suggested is when the caller is TON.
It would be better if the onApprove function can be used both when the caller is TON and when it is WTON.
Describe the bug
General users need to (1) swap TON to WTON and
(2) approve WTON to the L1WrappedStakedTON contract in advance to use the depositAndGetWSTON and depositAndGetWSTONTo functions.
Impact
This is very cumbersome. It is inconvenient for users to use the service. Gas costs are higher.
Exploit Scenario
If you approve more WTON than you want to use in the contract, there is a possibility that someone can execute 'depositAndGetWSTON' with your address. This is not strictly an exploit, but you will have to wait 2 weeks to unstake again.
Recommendation
Please add an 'onApprove' function so that you can use the depositAndGetWSTON and depositAndGetWSTONTo functions directly using TON's approveAndCall function.
Refer to the one used in the thanos project. link
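
The recommendation above and the follow-up request to accept both TON and WTON callers, as an added sketch that is not part of the issue, the linked code update, or the thanos project. Assumptions: the `onApprove(owner, spender, amount, data)` callback signature, a `swapFromTON` function on WTON, TON using 18 decimals and WTON 27, the token setting the allowance before it calls back, and the hypothetical `_creditDeposit` hook standing in for the existing deposit logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; interfaces are minimal assumptions, not the project's own.
interface ITokenLike {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}
interface IWTONLike {
    // Assumed: pulls TON from the caller and mints the equivalent WTON to it.
    function swapFromTON(uint256 tonAmount) external returns (bool);
}

abstract contract OnApproveSketch {
    address public immutable ton;
    address public immutable wton;

    constructor(address _ton, address _wton) { ton = _ton; wton = _wton; }

    // Hypothetical hook: mint WSTON to `recipient` for WTON this contract already holds.
    function _creditDeposit(address recipient, uint256 wtonAmount) internal virtual;

    // Callback the token invokes from approveAndCall(spender, amount, data).
    function onApprove(address owner, address spender, uint256 amount, bytes calldata data)
        external returns (bool)
    {
        // Accept calls only from the two token contracts: a direct caller could
        // otherwise name any owner that has an outstanding allowance.
        require(msg.sender == ton || msg.sender == wton, "caller is not TON or WTON");
        require(spender == address(this), "spender mismatch");

        // Optional ABI-encoded recipient in `data`; defaults to the approving owner.
        address recipient = data.length == 32 ? abi.decode(data, (address)) : owner;
        require(recipient != address(0), "zero recipient");

        uint256 wtonAmount = amount;
        if (msg.sender == ton) {
            // Pull the TON just approved, then wrap it so the deposit runs on WTON.
            require(ITokenLike(ton).transferFrom(owner, address(this), amount), "TON pull failed");
            require(ITokenLike(ton).approve(wton, amount), "TON approve failed");
            require(IWTONLike(wton).swapFromTON(amount), "TON to WTON swap failed");
            wtonAmount = amount * 1e9; // assumed 18 -> 27 decimal conversion
        } else {
            require(ITokenLike(wton).transferFrom(owner, address(this), amount), "WTON pull failed");
        }
        _creditDeposit(recipient, wtonAmount);
        return true;
    }
}
```

If the token checks ERC165 support on the spender before calling back, the contract also has to advertise the onApprove interface for approveAndCall to succeed.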