Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove custom function allowance #225

Closed
rya-sge opened this issue Sep 11, 2023 · 0 comments
Closed

Remove custom function allowance #225

rya-sge opened this issue Sep 11, 2023 · 0 comments
Labels
enhancement New feature or request Next release The issue has been merged into dev and will be part of the next release Security

Comments

@rya-sge
Copy link
Collaborator

rya-sge commented Sep 11, 2023
edited
Loading

In ERC20BaseModule, we have a function approve(address spender,uint256 amount,uint256 currentAllowance) to be used to avoid the vulnerability describes here: google doc

With OpenZeppelin v4.x, this functions was not necessary since we could use the functions increaseAllowance and decreaseAllowance
Nevertheless, these two functions will be remove in the next OpenZeppelin release.

The reason behind this change should be to make us think if our custom approve function is really necessary, see OpenZeppelin/openzeppelin-contracts#4583

For example, Metamak put a warning with the standard approve function
Screenshot from 2023-12-01 15-23-39

But it is not the case for the custom approval function, which thus can be use to scam token holders
Screenshot from 2023-12-01 15-27-22
@rya-sge rya-sge changed the title Replace custom function allowance by increase&decreaseAllowance Remove custom function allowance ? Sep 11, 2023
@rya-sge rya-sge mentioned this issue Sep 11, 2023
Merged
10 tasks
@rya-sge rya-sge added Security enhancement New feature or request labels Sep 11, 2023
@c4-submissions c4-submissions mentioned this issue Sep 14, 2023
Closed
@rya-sge rya-sge changed the title Remove custom function allowance ? Remove custom function allowance Dec 1, 2023
@rya-sge rya-sge mentioned this issue Dec 1, 2023
Merged
@rya-sge rya-sge added the Next release The issue has been merged into dev and will be part of the next release label Dec 1, 2023
@rya-sge rya-sge closed this as completed May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Next release The issue has been merged into dev and will be part of the next release Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rya-sge