Deprecated safeApprove() function #59

hats-bug-reporter · 2023-11-05T09:41:43Z

Github username: --
Submission hash (on-chain): 0x013b8f250b24421352d875f4e429ba781770429c144298172fc00cec16953930
Severity: low

Description:
Description

Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue #2219 (OpenZeppelin/openzeppelin-contracts#2219). The OpenZeppelin ERC20 safeApprove() function has been deprecated, as seen in the comments of the OpenZeppelin code.

Attack Scenario
Describe how the vulnerability can be exploited.

Attachments

Proof of Concept (PoC) File

https://github.com/hats-finance/hats-contracts/blob/af0830ef3dccdb0e4bcf0e746147f252c98fd055/contracts/HATVaultsRegistry.sol#L449C36-L449C36

Revised Code File (Optional)

Always do safeApprove(0) if the allowance is being changed, or use safeIncreaseAllowance()

jellegerbrandy · 2023-11-05T17:20:11Z

This is a 3 yearhold issue on OZ that you are referring to, if OZ did not think of "fixing" it then neither do we

hats-bug-reporter bot added the bug Something isn't working label Nov 5, 2023

jellegerbrandy added the invalid This doesn't seem right label Nov 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deprecated safeApprove() function #59

Deprecated safeApprove() function #59

hats-bug-reporter bot commented Nov 5, 2023

jellegerbrandy commented Nov 5, 2023

Deprecated safeApprove() function #59

Deprecated safeApprove() function #59

Comments

hats-bug-reporter bot commented Nov 5, 2023

jellegerbrandy commented Nov 5, 2023