Summary

The approveRewardTokens function in SDLPoolCCIPControllerPrimary is currently utilizing the deprecated safeApprove function from OpenZeppelin. This deprecated function can lead to unintended reverts and potential issues with fund locking.

Vulnerability Details

The usage of the deprecated safeApprove function is flagged as a concern due to the possibility of unintended reverts. The OpenZeppelin ERC20 safeApprove() function has been deprecated, and it's advised to replace it with safer alternatives like safeIncreaseAllowance or safeDecreaseAllowance.

Impact

The impact of using the deprecated safeApprove function includes the risk of unintended reverts, potentially leading to the locking of funds. This can affect the functionality and reliability of the approveRewardTokens function.

Tools Used

Manual code review, and OpenZeppelin issue #2219 ( https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2219 ).

Recommendations

It is recommended to replace the deprecated safeApprove function with safer alternatives, such as safeIncreaseAllowance or safeDecreaseAllowance, as suggested in the OpenZeppelin comments. This update ensures compatibility with modern best practices and avoids potential issues related to deprecated functionality.