safeApprove() function is deprecated

[masaun]

Severity

• Medium

Vulnerability description

• safeApprove() functuin has been deprecated by OpenZeppelin team: Deprecate SafeERC20.safeApprove OpenZeppelin/openzeppelin-contracts#2268
  • However, safeApprove() is used in the following lines in this repo:
    • https://github.com/hats-finance/hats-contracts/blob/develop/contracts/HATVault.sol#L320
    • https://github.com/hats-finance/hats-contracts/blob/develop/contracts/HATVault.sol#L329
    • https://github.com/hats-finance/hats-contracts/blob/develop/contracts/HATVaultsRegistry.sol#L415
    • https://github.com/hats-finance/hats-contracts/blob/develop/contracts/HATVaultsRegistry.sol#L427

Mitigation steps

• Instead of using safeApprove() function, safeIncreaseAllowance() function and safeDecreaseAllowance() function should be used.
  https://docs.openzeppelin.com/contracts/2.x/api/token/erc20#SafeERC20-safeIncreaseAllowance-contract-IERC20-address-uint256-
  https://docs.openzeppelin.com/contracts/2.x/api/token/erc20#SafeERC20-safeDecreaseAllowance-contract-IERC20-address-uint256-

[lirona]

hi @masaun thanks for the submission. this is nice :)
but unfortunately not relevant for our use case:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/36951d58386b9fee81b237e6c6626c9115ccef3a/contracts/token/ERC20/utils/SafeERC20.sol#L51

have you submitted this issue through our dapp as well?

[masaun]

@lirona Yes. but I have submitted this issue via your dApp just now. (Sorry for delay to submit it via your dApp)

but unfortunately not relevant for our use case:

Got it. I will try to find another issues.

[lirona]

great, good luck :)

[lirona]

can you please send the transaction hash to https://t.me/Hatsofir ? we don't see it

[masaun]

can you please send the transaction hash to https://t.me/Hatsofir ? we don't see it

@lirona Sure, I sent it just now. Could you check it?