Deprecated safeApprove() function #59

Open
hats-bug-reporter bot opened this issue Nov 5, 2023 · 1 comment
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@hats-bug-reporter

Github username: --
Submission hash (on-chain): 0x013b8f250b24421352d875f4e429ba781770429c144298172fc00cec16953930
Severity: low

Description:
Description

Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue #2219 (OpenZeppelin/openzeppelin-contracts#2219). The OpenZeppelin ERC20 safeApprove() function has been deprecated, as seen in the comments of the OpenZeppelin code.

Attack Scenario
Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

https://github.com/hats-finance/hats-contracts/blob/af0830ef3dccdb0e4bcf0e746147f252c98fd055/contracts/HATVaultsRegistry.sol#L449C36-L449C36

  2. Revised Code File (Optional)

Always do safeApprove(0) if the allowance is being changed, or use safeIncreaseAllowance()

@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Nov 5, 2023
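
The revert condition and the two suggestions from the report above, as an added Solidity example (not code from hats-contracts or from the reporter). It assumes OpenZeppelin Contracts 4.x, where `safeApprove` still exists; `ISpender`, `AllowanceExample` and the function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Assumption: OpenZeppelin Contracts 4.x, which still ships safeApprove
// next to safeIncreaseAllowance and safeDecreaseAllowance.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical spender that may pull less than the approved amount.
interface ISpender {
    function pull(IERC20 token, uint256 maxAmount) external;
}

// Hypothetical caller; none of these names come from HATVaultsRegistry.
contract AllowanceExample {
    using SafeERC20 for IERC20;

    // Pattern the report flags. safeApprove requires that `amount` is 0 or
    // the current allowance is 0. If pull() leaves part of the allowance
    // unspent, every later call with a non-zero amount reverts.
    function payDeprecated(IERC20 token, ISpender spender, uint256 amount) external {
        token.safeApprove(address(spender), amount);
        spender.pull(token, amount);
    }

    // Report's first suggestion: reset to zero before setting a new value.
    function payWithReset(IERC20 token, ISpender spender, uint256 amount) external {
        token.safeApprove(address(spender), 0);
        token.safeApprove(address(spender), amount);
        spender.pull(token, amount);
    }

    // Report's second suggestion, plus cleanup: raise the allowance by
    // `amount`, then remove whatever the spender did not use so that no
    // standing approval survives the call.
    function payWithIncrease(IERC20 token, ISpender spender, uint256 amount) external {
        token.safeIncreaseAllowance(address(spender), amount);
        spender.pull(token, amount);
        uint256 leftover = token.allowance(address(this), address(spender));
        if (leftover != 0) {
            token.safeDecreaseAllowance(address(spender), leftover);
        }
    }
}
```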
@jellegerbrandy

This is a 3-year-old issue on OZ that you are referring to, if OZ did not think of "fixing" it then neither do we

@jellegerbrandy jellegerbrandy added the invalid This doesn't seem right label Nov 5, 2023