Closed guotie closed 3 years ago
Thanks.
It's still not super obvious to me why this is needed. The link references transaction ordering being a vulnerability, but in the case referenced in the issue both approves are happening within the scope of a single transaction.
Am I missing something? Could you perhaps elaborate on what an example attack would look like if we didn't approve to 0 before doing the other approve? Because again the one in the link doesn't seem to apply.
Uniswap did not approve twice.
Maybe reopen the issue so someone on the core team can take a look?
It looks like we're doing the double-approvals in a bunch of strategies, so not a huge issue, but ultimately may be a waste of gas if I'm understanding it correctly.
It's the right way to do it with SafeApprove. If the user already has an allowance, you set the allowance to 0 and then set the allowance to max.
Why first safeApprove(0), then safeApprove(amount)?
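An added example, not code from this repository or from any participant in the thread: a small Python model of the zero-then-amount pattern discussed above, assuming the `safeApprove` in question is OpenZeppelin's `SafeERC20.safeApprove`, which reverts when a non-zero allowance is changed to another non-zero value. The `Token` class, the `deposit`/`run` helpers and the amounts are constructed for illustration.

```python
class Revert(Exception):
    """Models an EVM revert."""

class Token:
    """Minimal ERC-20 allowance bookkeeping (constructed model, not a real token)."""
    def __init__(self):
        self.allowance = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, value):
        self.allowance[(owner, spender)] = value

    def transfer_from(self, owner, spender, value):
        if self.allowance.get((owner, spender), 0) < value:
            raise Revert("insufficient allowance")
        self.allowance[(owner, spender)] -= value

def safe_approve(token, owner, spender, value):
    # Rule modelled on OpenZeppelin's SafeERC20.safeApprove: only allowed when
    # setting the allowance to zero, or when the current allowance is zero.
    if value != 0 and token.allowance.get((owner, spender), 0) != 0:
        raise Revert("SafeERC20: approve from non-zero to non-zero allowance")
    token.approve(owner, spender, value)

def deposit(token, want, pulled, reset_first):
    """Hypothetical strategy step: approve `want` to the pool, pool pulls `pulled`."""
    if reset_first:
        safe_approve(token, "strategy", "pool", 0)   # clear any leftover allowance
    safe_approve(token, "strategy", "pool", want)
    token.transfer_from("strategy", "pool", pulled)
    return token.allowance[("strategy", "pool")]     # leftover after the pull

def run(reset_first, pulled=60, rounds=2):
    """Call deposit() repeatedly on one token; record leftover or revert reason."""
    token, results = Token(), []
    for _ in range(rounds):
        try:
            results.append(deposit(token, 100, pulled, reset_first))
        except Revert as exc:
            results.append(str(exc))
    return results

if __name__ == "__main__":
    print("no reset, partial pull:", run(reset_first=False))
    print("reset,    partial pull:", run(reset_first=True))
    print("no reset, full pull:   ", run(reset_first=False, pulled=100))
```

In this model the reset only matters when the spender leaves part of the allowance unused; when every approval is fully consumed, the extra `safeApprove(0)` changes nothing except the gas spent.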