Amateur Sable Hyena
Medium
The contracts use OpenZeppelin v4.9.3's SafeERC20, which doesn't properly handle USDT approvals when partial amounts are used in swaps. When a swap uses less than the approved amount, the remaining non-zero allowance can cause future USDT approvals to fail.
When doing swaps, the actual amount used might be less than the approved amount. With USDT, if there's remaining allowance, future approvals will fail.
This happens because USDT requires the allowance to be 0 before setting a new value.
The code handles both full and partial swaps: tokenInRefund tracks unused tokens from partial swaps, which occurs in the execute function.
If a swap uses less than the approved amount, the remaining tokens are refunded. However, the remaining USDT allowance isn't reset after partial swaps.
Bracket.sol: execute() function using safeApprove
StopLimit.sol: updateApproval() function using safeIncreaseAllowance
The contract may not work properly, and all future attempts to approve USDT will fail.
It is recommended to upgrade OpenZeppelin.
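The failure described above can be reproduced off-chain with a small model of the allowance logic. This is an added example, not code from the audited contracts: the class and function names, the "contract"/"router" labels and the amounts are constructed, balances are left out, and the reset-to-zero step is one possible mitigation assumed here rather than the project's fix.

```python
class Revert(Exception):
    """Stands in for an EVM revert."""

class UsdtLikeToken:
    """Allowance ledger with USDT's rule on approve()."""
    def __init__(self):
        self.allowances = {}  # (owner, spender) -> amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, value):
        # USDT rejects changing a non-zero allowance to another non-zero value
        if value != 0 and self.allowance(owner, spender) != 0:
            raise Revert("USDT: allowance must be 0 first")
        self.allowances[(owner, spender)] = value

    def spend(self, owner, spender, value):
        # allowance side of transferFrom only (balances omitted in this model)
        if value > self.allowance(owner, spender):
            raise Revert("insufficient allowance")
        self.allowances[(owner, spender)] -= value

def safe_approve(token, owner, spender, value):
    # models SafeERC20.safeApprove in OZ 4.9: only 0 -> value or value -> 0
    if value != 0 and token.allowance(owner, spender) != 0:
        raise Revert("SafeERC20: approve from non-zero to non-zero allowance")
    token.approve(owner, spender, value)

def safe_increase_allowance(token, owner, spender, value):
    # models SafeERC20.safeIncreaseAllowance in OZ 4.9: approve(old + value)
    token.approve(owner, spender, token.allowance(owner, spender) + value)

def swap(token, owner, router, approved, used, approve_fn, reset_after=False):
    """Approve `approved`, let the router pull `used`, return leftover allowance."""
    approve_fn(token, owner, router, approved)
    token.spend(owner, router, used)
    if reset_after:
        token.approve(owner, router, 0)  # assumed mitigation: clear the residue
    return token.allowance(owner, router)

def second_swap_reverts(approve_fn, reset_after):
    token = UsdtLikeToken()
    # first swap is a partial fill: 1000 approved, 600 used, 400 left over
    swap(token, "contract", "router", 1000, 600, approve_fn, reset_after)
    try:
        swap(token, "contract", "router", 1000, 1000, approve_fn, reset_after)
    except Revert:
        return True
    return False
```

Both approval paths named in the finding revert on the second swap once a partial fill leaves residual allowance, and neither does when the allowance is cleared after the swap.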