Deprecated OpenZeppelin functions should not be used
Summary
Openzeppelin has deprecated several functions and replaced with newer versions
Vulnerability Details
-
Found in src/StrategyArb.sol Line: 27
asset.safeApprove(address(transmuter), type(uint256).max); -
Found in src/StrategyArb.sol Line: 37
underlying.safeApprove(address(router), type(uint256).max); -
Found in src/StrategyArb.sol Line: 44
underlying.safeApprove(router, type(uint256).max); -
Found in src/StrategyMainnet.sol Line: 35
asset.safeApprove(address(transmuter), type(uint256).max); -
Found in src/StrategyMainnet.sol Line: 45
underlying.safeApprove(address(router), type(uint256).max); -
Found in src/StrategyOp.sol Line: 27
asset.safeApprove(address(transmuter), type(uint256).max); -
Found in src/StrategyOp.sol Line: 39
underlying.safeApprove(address(router), type(uint256).max); -
Found in src/StrategyOp.sol Line: 50
underlying.safeApprove(router, type(uint256).max); -
Found in src/mock/TokenAdapterMock.sol Line: 32
IERC20(IYieldToken(token).underlying()).safeApprove(token, _amount);
Impact
safeApprove() was deprecated because it can lead to transaction failures in certain scenarios, particularly when trying to modify an existing non-zero allowance. This can cause transactions to revert unexpectedly.
Tools Used
aderyn
slither
manual review
Recommendations
OpenZeppelin recommends using safeIncreaseAllowance() and safeDecreaseAllowance() instead, as these functions handle allowance modifications more safely by preventing race conditions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.