Submission Details
Severity: low
Invalid

Potential Gas Inefficiency in Approval Operations

Description

In the _initStrategy and setRouter functions, the contract grants an infinite approval to the router for the underlying token:

    function _initStrategy() internal {
        router = 0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858;
        underlying.safeApprove(address(router), type(uint256).max);
    }

    function setRouter(address _router) external onlyManagement {
        router = _router;
        underlying.safeApprove(router, type(uint256).max);
    }

Granting infinite approval can lead to gas inefficiencies when approvals need to be updated or reset, as changing an approval from a non-zero value to another non-zero value requires an extra transaction due to some ERC20 tokens' implementation (e.g., USDT).

Impact

  • Gas Waste: Users might incur higher gas costs if approvals need to be reset or updated, especially if the underlying token's approve function requires setting the allowance to zero before setting a new value.

  • Operational Delay: Additional transactions may be needed to reset approvals, leading to delays in contract operations.

Recommendation

  • Use safeIncreaseAllowance and safeDecreaseAllowance: Instead of setting infinite approvals, adjust the allowance as needed using safeIncreaseAllowance and safeDecreaseAllowance functions from OpenZeppelin's SafeERC20 library.

    function setRouter(address _router) external onlyManagement {
        // Reset approval for the old router
        underlying.safeApprove(router, 0);
        router = _router;
        // Increase allowance as needed
        underlying.safeIncreaseAllowance(router, requiredAllowance);
    }

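
The allowance behaviour the submission refers to, shown as an added example that is not part of the submission or of the audited contract. GuardedToken is a constructed mock whose approve() rejects a non-zero to non-zero change, as USDT's does; RouterApprovalDemo, setRouterNaive and setRouterWithReset are hypothetical names, and access control is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock token: approve() carries a USDT-style guard that
// rejects changing an allowance from one non-zero value to another.
contract GuardedToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to zero first");
        allowance[msg.sender][spender] = value;
        return true;
    }
}

// Hypothetical contract that isolates the router/approval logic.
// A real strategy would restrict both setters (e.g. onlyManagement).
contract RouterApprovalDemo {
    GuardedToken public immutable underlying;
    address public router;

    constructor(GuardedToken _underlying, address _router) {
        underlying = _underlying;
        router = _router;
        underlying.approve(_router, type(uint256).max);
    }

    // Pattern quoted in the submission: the previous router keeps its
    // unlimited allowance, and selecting a router that still holds a
    // non-zero allowance reverts inside approve().
    function setRouterNaive(address _router) external {
        router = _router;
        underlying.approve(_router, type(uint256).max);
    }

    // Revoke the previous router, then zero-then-set the new one so the
    // guard passes whether or not the new router was approved before.
    function setRouterWithReset(address _router) external {
        underlying.approve(router, 0);
        router = _router;
        underlying.approve(_router, 0);
        underlying.approve(_router, type(uint256).max);
    }
}
```

Calling setRouterNaive with the router passed to the constructor reverts with "reset to zero first", while setRouterWithReset succeeds for any address and leaves the previous router with a zero allowance.
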
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
