Return value of approve not checked
Not all IERC20 implementations revert() when there's a failure in approve(). The function signature has a boolean return value, and they indicate errors that way instead. When the return value is not checked, operations that should have been marked as failed may go through without actually approving anything.
As we can see, approve is called in the constructor and its return value is not checked, so if the approve fails, the contract should be redeployed to make a successful approve.
Manual Review
Consider checking the return value of approve for tokens that return a bool (e.g. LINK returns a bool from approve).
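One way to apply this recommendation in a constructor, as an added example that is not code from the audited project: the contract name, error name and constructor parameters are hypothetical. It goes slightly beyond the bool-returning case named above by also accepting tokens whose approve returns no data, so that checking the result does not break deployment against them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; names are not from the audited code.
contract ApprovingVault {
    error ApproveFailed(address token, address spender);

    IERC20 public immutable token;

    constructor(IERC20 token_, address spender_, uint256 amount_) {
        token = token_;
        // Deployment reverts here if the approval did not take effect,
        // instead of leaving a deployed contract with no allowance set.
        _checkedApprove(token_, spender_, amount_);
    }

    // A low-level call lets three outcomes be told apart:
    //   1. the call reverted                          -> failure
    //   2. the call returned data that decodes to false -> failure
    //   3. the call returned true, or returned no data
    //      (tokens whose approve has no return value)  -> success
    function _checkedApprove(IERC20 t, address spender, uint256 amount) private {
        // A call to an address without code "succeeds" with empty return
        // data, so rule that case out first.
        if (address(t).code.length == 0) {
            revert ApproveFailed(address(t), spender);
        }
        (bool ok, bytes memory ret) = address(t).call(
            abi.encodeWithSelector(IERC20.approve.selector, spender, amount)
        );
        bool approved = ok &&
            (ret.length == 0 || (ret.length >= 32 && abi.decode(ret, (bool))));
        if (!approved) {
            revert ApproveFailed(address(t), spender);
        }
    }
}
```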