Skip to content

Improve SafeERC20 allowance handling #1404

Description

@nventuro

Currently, SafeERC20's allowance-related functionality is restricted to a safeApprove function, which is vulnerable to the well-known non-zero approval issue in the ERC20 spec. We should:

  • add safeIncreaseAllowance and safeDecreaseAllowance, with require on the return value of the ERC20 functions
  • add extra requires to safeApprove so that it only works if the new or old allowance are 0 (i.e. it only sets an initial allowance, or sets it to 0, which are the only safe scenarios).

This way, we'll be guiding users to the best practices regarding ERC20 tokens.

Props to @cwhinfrey and the Level K team for suggesting this!

Metadata

Metadata

Assignees

No one assigned

    Labels

    breaking changeChanges that break backwards compatibility of the public API.contractsSmart contract code.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions