stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

Deprecated `safeApprove` OZ function is used, unintended reverts can happen

Summary

The `approveRewardTokens` function in `SDLPoolCCIPControllerPrimary` is currently utilizing the deprecated `safeApprove` function from OpenZeppelin. This deprecated function can lead to unintended reverts and potential issues with fund locking.

Vulnerability Details

The usage of the deprecated `safeApprove` function is flagged as a concern due to the possibility of unintended reverts. The OpenZeppelin ERC20 `safeApprove()` function has been deprecated, and it's advised to replace it with safer alternatives like `safeIncreaseAllowance` or `safeDecreaseAllowance`.

Impact

The impact of using the deprecated `safeApprove` function includes the risk of unintended reverts, potentially leading to the locking of funds. This can affect the functionality and reliability of the `approveRewardTokens` function.

Tools Used

Manual code review, and OpenZeppelin issue #2219 (https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2219).

Recommendations

It is recommended to replace the deprecated `safeApprove` function with safer alternatives, such as `safeIncreaseAllowance` or `safeDecreaseAllowance`, as suggested in the OpenZeppelin comments. This update ensures compatibility with modern best practices and avoids potential issues related to deprecated functionality.
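
The revert condition and the recommended replacement, side by side, as an added example that is not code from the stake.link repository or from the submission. It assumes OpenZeppelin Contracts v4.9.x, where `safeApprove` and `safeIncreaseAllowance` both exist; the `RewardApprover` contract, its `router` spender and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumption: OpenZeppelin Contracts v4.9.x, where the deprecated safeApprove
// is still present next to safeIncreaseAllowance.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Hypothetical contract for illustration; not SDLPoolCCIPControllerPrimary.
contract RewardApprover is Ownable {
    using SafeERC20 for IERC20;

    address public immutable router; // hypothetical spender

    constructor(address _router) {
        require(_router != address(0), "zero router");
        router = _router;
    }

    /// Before: safeApprove only succeeds when the new value is 0 or the
    /// current allowance is 0. Calling this again for a token whose
    /// allowance is still non-zero reverts with
    /// "SafeERC20: approve from non-zero to non-zero allowance".
    function approveDeprecated(address[] calldata tokens) external onlyOwner {
        for (uint256 i = 0; i < tokens.length; ++i) {
            IERC20(tokens[i]).safeApprove(router, type(uint256).max);
        }
    }

    /// After: raise the allowance by the missing amount. There is no
    /// zero-allowance precondition, so repeated calls are idempotent.
    function approveIncrease(address[] calldata tokens) external onlyOwner {
        for (uint256 i = 0; i < tokens.length; ++i) {
            IERC20 token = IERC20(tokens[i]);
            uint256 current = token.allowance(address(this), router);
            if (current == type(uint256).max) continue; // nothing to add
            token.safeIncreaseAllowance(router, type(uint256).max - current);
        }
    }
}
```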

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xtheblackpanther Submitter over 1 year ago
