Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Deprecated usage of `safeApprove` function in strategy contracts

bladesec

Title

Deprecated usage of safeApprove function in strategy contracts

Summary

According to Openzeppelin codebase, safeApprove function is deprecated.

Vulnerability Details

According to Openzeppelin codebase, safeApprove function has issues similar to the ones found in IERC20.approve, and its usage is discouraged.
Here's what's written in openzeppelin codebase:
safeApprove function is deprecated:

/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(
IERC20 token,
address spender,
uint256 value
) internal {
...

This usage is present in multiple instances across the strategy contracts, including the constructor, _initStrategy, setRouter, and others.

Impact

Using a deprecated function may lead to unexpected issues.

Tools Used

Manual Review

Recommendations

Consider using safeIncreaseAllowance and safeDecreaseAllowance functions fo SafeERC20.

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.