Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Usage of deprecated SafeERC20'ssafeApprove

anis

Summary

The use of safeApprove() for token approvals is deprecated, and continued use of this function could result in failures in subsequent transactions.

Vulnerability Details

The safeApprove() function is deprecated, and its use in contracts could cause reverts and failures in token transfers.

Proof of concept

safeApprove() is used:

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyArb.sol#27
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyArb.sol#37
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyArb.sol#44
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#35
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#45
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L27
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L39
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L50

Impact

The protocol may fail to function as intended, and transactions with unsupported tokens could be blocked.

Tools Used

Manual analysis

Recommendations

Replace safeApprove() with safeIncreaseAllowance or safeDecreaseAllowance as recommended by OpenZeppelin.

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.