QA Report #213
Labels: bug, QA (Quality Assurance)
Findings
(1) Missing Checks for Address(0x0) when Assigning Values to Address State Variables
Severity: Low
Supportive Evidence
AuraMerkleDrop.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMerkleDrop.sol#L79: dao = _newDao;
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMerkleDrop.sol#L106: auraLocker = IAuraLocker(_newLocker);
AuraStakingProxy.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L101: keeper = _keeper;
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L109: pendingOwner = _po;
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L139: rewards = _rewards;
AuraVestedEscrow.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraVestedEscrow.sol#L79: admin = _admin;
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraVestedEscrow.sol#L88: auraLocker = IAuraLocker(_auraLocker);
BalLiquidityProvider.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/BalLiquidityProvider.sol#L90: IERC20 tkn = IERC20(_erc20);
ClaimFeesHelper.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/ClaimFeesHelper.sol#L35: booster = IBooster(_booster);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/ClaimFeesHelper.sol#L36: voterProxy = _voterProxy;
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/ClaimFeesHelper.sol#L37: feeDistro = IFeeDistributor(_feeDistro);
ArbitartorVault.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/ArbitartorVault.sol#L34: depositor = _depositor;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/ArbitartorVault.sol#L39: operator = _op;
Booster.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L130: owner = _owner;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L140: feeManager = _feeM;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L150: poolManager = _poolM;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L163: stashFactory = _sfactory;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L169: rewardFactory = _rfactory;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L170: tokenFactory = _tfactory;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L183: rewardArbitrator = _arb;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L193: voteDelegate = _voteDelegate;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L207: lockRewards = _rewards;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L208: stakerRewards = _stakerRewards;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L260: feeTokens[_feeToken].active = _active;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L296: treasury = _treasury;
cCrv.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/cCrv.sol#L40: operator = _operator;
CrvDepositor.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/CrvDepositor.sol#L64: feeManager = _feeManager;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/CrvDepositor.sol#L69: daoOperator = _daoOperator;
PoolManagerV3.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/PoolManagerV3.sol#L42: operator = _operator;
StashFactoryV2.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L48: v1Implementation = _v1;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L49: v2Implementation = _v2;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L50: v3Implementation = _v3;
VoterProxy.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L75: owner = _owner;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L85: withdrawer = _withdrawer;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L86: rewardDeposit = _rewardDeposit;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L96: gaugeController = _gaugeController;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L97: mintr = _mintr;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L109: operator = _operator;
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L119: depositor = _depositor;
Recommendations
Consider adding a zero-address check before each of the assignments listed above, e.g. require(_newAddr != address(0), "zero address"). Where the argument is cast to an interface (such as IAuraLocker), consider also checking that the address has code, so that an EOA is not accepted by mistake.
(2) Missing Checks for Address(0x0) when Minting
Severity: Low
Supportive Evidence
AuraMinter.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMinter.sol#L33: aura.minterMint(_to, _amount);
Recommendations
Consider adding a zero-address check on _to before calling minterMint. If AuraToken builds on OpenZeppelin's ERC20, its internal _mint() already rejects a zero recipient, in which case the check mainly makes the call fail earlier with a clearer error.
(3) Missing Checks for Address(0x0) in Constructors and the Setter Functions
Severity: Non-Critical
Supportive Evidence
AuraMinter.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMinter.sol#L21: aura = AuraToken(_aura);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMinter.sol#L22: _transferOwnership(_dao);
AuraPenaltyForwarder.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraPenaltyForwarder.sol#L35: distributor = IExtraRewardsDistributor(_distributor);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraPenaltyForwarder.sol#L36: token = IERC20(_token);
BaseRewardPool.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BaseRewardPool.sol#L107: stakingToken = IERC20(stakingToken_);
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BaseRewardPool.sol#L108: rewardToken = IERC20(rewardToken_);
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BaseRewardPool.sol#L109: operator = operator_;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BaseRewardPool.sol#L110: rewardManager = rewardManager_;
Booster.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/Booster.sol#L103: staker = _staker;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/Booster.sol#L104: minter = _minter;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/Booster.sol#L105: crv = _crv;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/Booster.sol#L106: voteOwnership = _voteOwnership;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/Booster.sol#L107: voteParameter = _voteParameter;
BoosterOwner.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L77: owner = _owner;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L78: poolManager = _poolManager;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L79: booster = _booster;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L80: stashFactory = _stashFactory;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L81: rescueStash = _rescueStash;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/BoosterOwner.sol#L91: pendingowner = _owner;
CrvDepositor.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/CrvDepositor.sol#L54: staker = _staker;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/CrvDepositor.sol#L55: minter = _minter;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/CrvDepositor.sol#L56: crvBpt = _crvBpt;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/CrvDepositor.sol#L57: escrow = _escrow;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/CrvDepositor.sol#L59: daoOperator = _daoOperator;
DepositToken.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/DepositToken.sol#L44: operator = _operator;
ExtraRwardStashV3.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L59: crv = _crv;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L72: operator = _operator;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L73: staker = _staker;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L74: gauge = _gauge;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L75: rewardFactory = _rFactory;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L148: rewardHook = _hook;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/ExtraRwardStashV3.sol#L162: t.token = _token;
PoolManagerProxy.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerProxy.sol#L27: pools = _pools;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerProxy.sol#L28: owner = _owner;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerProxy.sol#L44: owner = _owner;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerProxy.sol#L49: operator = _operator;
PoolManagerSecondaryProxy.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L40: gaugeController = _gaugeController;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L41: pools = _pools;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L42: booster = _booster;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L43: owner = _owner;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L59: owner = _owner;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol#L64: operator = _operator;
PoolManagerV3.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerV3.sol#L34: pools = _pools;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerV3.sol#L35: gaugeController = _gaugeController;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/PoolManagerV3.sol#L36: operator = _operator;
RewardFactory.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/RewardFactory.sol#L41: operator = _operator;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/RewardFactory.sol#L42: crv = _crv;
RewardHook.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/RewardHook.sol#L33: stash = _stash;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/RewardHook.sol#L34: rewardToken = _reward;
StashFactoryV2.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L40: operator = _operator;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L41: rewardFactory = _rewardFactory;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/StashFactoryV2.sol#L42: proxyFactory = _proxyFactory;
TokenFactory.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/TokenFactory.sol#L36: operator = _operator;
VirtualBalanceRewardPool.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol#L116: operator = op_;
VoterProxy.sol:
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VoterProxy.sol#L58: mintr = _mintr;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VoterProxy.sol#L59: crv = _crv;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VoterProxy.sol#L60: crvBpt = _crvBpt;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VoterProxy.sol#L61: escrow = _escrow;
https://github.com/code-423n4/2022-05-aura/tree/main/convex-platform/contracts/contracts/VoterProxy.sol#L62: gaugeController = _gaugeController;
Recommendations
Consider adding zero-address checks in the discussed constructors and setters, e.g. require(newAddr != address(0), "zero address"); a constructor argument left at zero by a deployment script is otherwise only discovered when the first call through that address reverts.
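The following is an added example, not code from the Aura or Convex codebases, showing how the checks recommended in findings (1) to (3) look when applied consistently: a nonZero modifier on the constructor and on every setter, a two-step ownership transfer whose pending owner is also guarded, and a code-size check for arguments that are cast to an interface. The contract GuardedAddresses, the ILocker interface and the field names are hypothetical; it assumes Solidity 0.8.4 or later for custom errors and address.code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Hypothetical stand-in for an interface such as IAuraLocker; typing only.
interface ILocker {
    function lock(address account, uint256 amount) external;
}

/// Hypothetical contract (not Aura code): every address written to storage,
/// in the constructor and in each setter, is rejected when zero, and addresses
/// that must be contracts are additionally checked for code.
contract GuardedAddresses {
    error ZeroAddress();
    error NotAContract(address account);
    error Unauthorized();

    address public owner;
    address public pendingOwner;
    address public dao;
    ILocker public locker;

    event DaoUpdated(address indexed previous, address indexed current);
    event LockerUpdated(address indexed previous, address indexed current);
    event OwnershipTransferred(address indexed previous, address indexed current);

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    /// Reverts when `account` is the zero address.
    modifier nonZero(address account) {
        if (account == address(0)) revert ZeroAddress();
        _;
    }

    constructor(address _owner, address _dao, address _locker)
        nonZero(_owner)
        nonZero(_dao)
    {
        owner = _owner;
        dao = _dao;
        locker = ILocker(_requireContract(_locker));
    }

    function setDao(address _newDao) external onlyOwner nonZero(_newDao) {
        emit DaoUpdated(dao, _newDao);
        dao = _newDao;
    }

    /// A zero check alone still accepts an EOA for an interface-typed field;
    /// every later high-level call through `locker` would then revert.
    function setLocker(address _newLocker) external onlyOwner {
        emit LockerUpdated(address(locker), _newLocker);
        locker = ILocker(_requireContract(_newLocker));
    }

    /// Two-step transfer: rejecting a zero pending owner avoids recording a
    /// handover that can never be accepted.
    function setPendingOwner(address _po) external onlyOwner nonZero(_po) {
        pendingOwner = _po;
    }

    function applyPendingOwner() external {
        if (msg.sender != pendingOwner) revert Unauthorized();
        emit OwnershipTransferred(owner, pendingOwner);
        owner = pendingOwner;
        pendingOwner = address(0);
    }

    /// Zero check plus code-size check. `code.length == 0` also holds for a
    /// contract still under construction, so this only serves to reject EOAs
    /// and unset arguments, never to prove that a caller is an EOA.
    function _requireContract(address account) internal view returns (address) {
        if (account == address(0)) revert ZeroAddress();
        if (account.code.length == 0) revert NotAContract(account);
        return account;
    }
}
```

Emitting the previous and new value from each setter is cheap and gives off-chain monitoring a way to alert on a privileged-address change, which is the other half of what these setters need beyond the input check.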
(4) safeApprove() is deprecated in favor of safeIncreaseAllowance() and safeDecreaseAllowance()
Severity: Non-Critical
Supportive Evidence
AuraBalRewardPool.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L75: rewardToken.safeApprove(_auraLocker, type(uint256).max);
AuraClaimZap.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L98: IERC20(crv).safeApprove(crvDepositWrapper, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L99: IERC20(crv).safeApprove(crvDepositWrapper, type(uint256).max);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L101: IERC20(cvxCrv).safeApprove(cvxCrvRewards, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L102: IERC20(cvxCrv).safeApprove(cvxCrvRewards, type(uint256).max);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L104: IERC20(cvx).safeApprove(locker, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraClaimZap.sol#L105: IERC20(cvx).safeApprove(locker, type(uint256).max);
AuraLocker.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L240: IERC20(cvxCrv).safeApprove(cvxcrvStaking, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L241: IERC20(cvxCrv).safeApprove(cvxcrvStaking, type(uint256).max);
AuraMerkleDrop.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMerkleDrop.sol#L131: aura.safeApprove(address(auraLocker), 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraMerkleDrop.sol#L132: aura.safeApprove(address(auraLocker), _amount);
AuraPenaltyForwarder.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraPenaltyForwarder.sol#L41: token.safeApprove(address(distributor), type(uint256).max);
AuraStakingProxy.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L147: IERC20(crv).safeApprove(crvDepositorWrapper, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L148: IERC20(crv).safeApprove(crvDepositorWrapper, type(uint256).max);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L150: IERC20(cvxCrv).safeApprove(rewards, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L151: IERC20(cvxCrv).safeApprove(rewards, type(uint256).max);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L215: _token.safeApprove(rewards, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L216: _token.safeApprove(rewards, type(uint256).max);
AuraVestedEscrow.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraVestedEscrow.sol#L186: rewardToken.safeApprove(address(auraLocker), claimable);
BalLiquidityProvider.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/BalLiquidityProvider.sol#L59: tkn.safeApprove(address(bVault), 0);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/BalLiquidityProvider.sol#L60: tkn.safeApprove(address(bVault), bal);
CrvDepositorWrapper.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/CrvDepositorWrapper.sol#L52: IERC20(WETH).safeApprove(address(BALANCER_VAULT), type(uint256).max);
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/CrvDepositorWrapper.sol#L53: IERC20(BAL).safeApprove(address(BALANCER_VAULT), type(uint256).max);
BaseRewardPool4626.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/BaseRewardPool4626.sol#L40: IERC20(asset).safeApprove(operator_, type(uint256).max);
Booster.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L422: IERC20(token).safeApprove(rewardContract,0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/Booster.sol#L423: IERC20(token).safeApprove(rewardContract,_amount);
CrvDepositor.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/CrvDepositor.sol#L199: IERC20(minter).safeApprove(_stakeAddress,0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/CrvDepositor.sol#L200: IERC20(minter).safeApprove(_stakeAddress,_amount);
VoterProxy.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L176: IERC20(_token).safeApprove(_gauge, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L177: IERC20(_token).safeApprove(_gauge, balance);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L193: _asset.safeApprove(rewardDeposit, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L194: _asset.safeApprove(rewardDeposit, balance);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L244: IERC20(crvBpt).safeApprove(escrow, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L245: IERC20(crvBpt).safeApprove(escrow, _value);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L255: IERC20(crvBpt).safeApprove(escrow, 0);
https://github.com/code-423n4/2022-05-aura/blob/main/convex-platform/contracts/contracts/VoterProxy.sol#L256: IERC20(crvBpt).safeApprove(escrow, _value);
Impact
safeApprove() reverts whenever it is asked to change an existing non-zero allowance to another non-zero value, so a code path that re-approves without first resetting to zero reverts unexpectedly; if that path is the only way to move tokens out of the contract, funds can become stuck. OpenZeppelin deprecated the function for this reason; the discussion is in OpenZeppelin/openzeppelin-contracts#2219.
Recommendations
As suggested by OpenZeppelin, replace safeApprove() with safeIncreaseAllowance() or safeDecreaseAllowance(). Note that tokens which reject a non-zero to non-zero change at the token level (see finding 5) still need the allowance brought to zero first.
(5) Some tokens (like USDT) do not work when changing the allowance from an existing non-zero value
Such tokens (USDT's approve() enforces this at L199 of its contract) require the allowance to be reset to zero before the new value is approved, i.e.
IERC20(token).safeApprove(address(operator), 0);
IERC20(token).safeApprove(address(operator), amount);
The approval at the location below sets the spender's allowance to type(uint256).max without resetting it to zero first.
Severity: Non-Critical
Supportive Evidence
AuraBalRewardPool.sol:
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraBalRewardPool.sol#L75: rewardToken.safeApprove(_auraLocker, type(uint256).max);
Impact
If this approval is executed again while a non-zero allowance is still outstanding, the call reverts and the function containing it cannot be used until the allowance is cleared. With a USDT-style token the revert comes from the token's approve() itself; with any token, OpenZeppelin's SafeERC20.safeApprove already enforces the same rule (it requires value == 0 or a zero current allowance), so the non-zero to non-zero transition fails regardless of the token.
Recommendations
Reset the allowance to zero before setting the actual amount, as the other approval sites in the codebase (listed under finding 4) already do.
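As an added example (not code from the Aura repository or from OpenZeppelin) serving findings (4) and (5) together, the following contrasts the re-approval that reverts with an allowance update built only from safeIncreaseAllowance() and safeDecreaseAllowance(), routed through zero when both the old and the new value are non-zero so that USDT-style tokens accept it as well. It assumes OpenZeppelin's SafeERC20 (4.x or later, under its standard import path); ZeroFirstToken is a constructed token that reproduces the USDT rule, and AllowanceManager and setAllowance are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed token for this example: like USDT, a non-zero allowance can
/// only be changed by first setting it to zero (a mitigation for the classic
/// approve front-running race). Only the functions SafeERC20 needs are present.
contract ZeroFirstToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        require(
            !(value != 0 && allowance[msg.sender][spender] != 0),
            "approve: reset to zero first"
        );
        allowance[msg.sender][spender] = value;
        return true;
    }
}

/// Hypothetical spender-side contract (not Aura code) contrasting the patterns.
contract AllowanceManager {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    address public immutable spender;

    constructor(IERC20 _token, address _spender) {
        require(address(_token) != address(0) && _spender != address(0), "zero address");
        token = _token;
        spender = _spender;
    }

    /// Works once, then reverts on every later call: SafeERC20.safeApprove
    /// requires `value == 0 || current allowance == 0`, and ZeroFirstToken's
    /// approve() enforces the same rule on-chain, so an outstanding non-zero
    /// allowance can never be re-approved directly.
    function approveMaxUnsafe() external {
        token.safeApprove(spender, type(uint256).max);
    }

    /// Sets the allowance to exactly `value` using only the non-deprecated
    /// helpers. Going through zero when old and new are both non-zero keeps
    /// ZeroFirstToken-style tokens working; compliant tokens accept either path.
    function setAllowance(uint256 value) external {
        uint256 current = token.allowance(address(this), spender);
        if (current == value) return;
        if (current != 0 && value != 0) {
            // approve(spender, 0): the one transition every token accepts
            token.safeDecreaseAllowance(spender, current);
            current = 0;
        }
        if (value > current) {
            token.safeIncreaseAllowance(spender, value - current);
        } else {
            token.safeDecreaseAllowance(spender, current - value);
        }
    }
}
```

Deploying AllowanceManager against IERC20(address(new ZeroFirstToken())) and calling approveMaxUnsafe() twice reverts on the second call, while setAllowance(type(uint256).max) followed by setAllowance(1) succeeds both times because the second call decreases to zero before increasing. Approving type(uint256).max is still a policy choice: an unlimited allowance to a mutable spender address means a later setter mistake grants unlimited pull rights, which is another reason the address checks in findings (1) to (3) matter.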