Use of deprecated 'safeApprove' functions in L2TokenReceiver contract, may result in locking of funds and unintended reverts.
Summary
Openzeppelin has deprecated several functions and replaced with newer versions, with safeApprove being one of them.
Vulnerability Details
safeApprove() has been deprecated and the official OpenZeppelin documentation recommends using safeIncreaseAllowance() & safeDecreaseAllowance().
A deeper discussion on the deprecation of this function is in OZ issue #2219. The OpenZeppelin ERC20 safeApprove() function has been deprecated, as seen in the comments of the OpenZeppelin code.
There are 6 instances of this issue in contracts/L2TokenReceiver.sol.
Similar findings in other contests::
Usage of deprecated safeApprove - Spearbit - Paladin.
[L-07] Deprecated safeApprove() function - code4rena- Hubble contest.
Use of deprecated function for setting token allowances - OPENZEPPELIN SECURITY- Pods Finance Ethereum Volatility Vault.
Impact
Using this deprecated function can lead to unintended reverts and potentially the locking of funds.
Tools Used
Manual Review.
Recommendations
Consider replacing safeApprove() with safeIncreaseAllowance() or safeDecreaseAl- lowance() instead (as suggested by the OpenZeppelin comment).
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.