Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Missing check or guidance for ERC20 approve() requirement

Severity: Low
Impact: Low
Recommendation Type: UX / DevEx Improvement

The functions createGameWithToken() and joinGameWithToken() both call:

winningToken.transferFrom(msg.sender, address(this), 1);

This assumes the user has previously approved the contract to spend their tokens using:

While this is standard ERC20 behavior, there is no indication or check in the contract that approval has occurred. If approval hasn't been made, the call will revert, which may confuse users.

Recommendations.

  • Alternatively, consider using ERC20 Permit (EIP-2612) to remove the need for a separate approval step.
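The two options discussed in this submission, an explicit allowance check and an EIP-2612 permit path, sketched as an added example that is not code from the contest or from the submitter. The contract name, function names and custom errors are hypothetical, and the permit path assumes the token implements EIP-2612, which the page does not state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the contest's contract. Only allowance/transferFrom
// (ERC20) and permit (EIP-2612) are standard; every other name is hypothetical.
interface IERC20Minimal {
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IERC20PermitMinimal {
    function permit(address owner, address spender, uint256 value, uint256 deadline,
                    uint8 v, bytes32 r, bytes32 s) external;
}

contract TokenStakeExample {
    IERC20Minimal public immutable winningToken;
    uint256 private constant STAKE = 1; // same amount as the transferFrom call on the page

    error ApprovalRequired(address player, uint256 needed, uint256 current);
    error StakeTransferFailed();

    constructor(address token) {
        winningToken = IERC20Minimal(token);
    }

    // Path 1: classic approve-then-call, failing with a decodable reason.
    function stake() external {
        _pullStake(msg.sender);
    }

    // Path 2: one transaction, assuming the token supports EIP-2612.
    function stakeWithPermit(uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        // Anyone who sees the signature can submit it first and consume the nonce,
        // so a failed permit is ignored and the allowance check below decides.
        try IERC20PermitMinimal(address(winningToken)).permit(
            msg.sender, address(this), STAKE, deadline, v, r, s
        ) {} catch {}
        _pullStake(msg.sender);
    }

    function _pullStake(address player) private {
        uint256 current = winningToken.allowance(player, address(this));
        if (current < STAKE) revert ApprovalRequired(player, STAKE, current);
        if (!winningToken.transferFrom(player, address(this), STAKE)) revert StakeTransferFailed();
    }
}
```

A front end can decode `ApprovalRequired` and prompt for the approval instead of surfacing an opaque revert.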

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Broken Token Game Creation

createGameWithToken and joinGameWithToken functions will revert because they attempt transferFrom without requiring the user to first approve.
