Currently, SafeERC20's allowance-related functionality is restricted to a safeApprove function, which is vulnerable to the well-known non-zero approval issue in the ERC20 spec. We should:
- add
safeIncreaseAllowance and safeDecreaseAllowance, with require on the return value of the ERC20 functions
- add extra
requires to safeApprove so that it only works if the new or old allowance are 0 (i.e. it only sets an initial allowance, or sets it to 0, which are the only safe scenarios).
This way, we'll be guiding users to the best practices regarding ERC20 tokens.
Props to @cwhinfrey and the Level K team for suggesting this!
Currently,
SafeERC20's allowance-related functionality is restricted to asafeApprovefunction, which is vulnerable to the well-known non-zero approval issue in the ERC20 spec. We should:safeIncreaseAllowanceandsafeDecreaseAllowance, withrequireon the return value of theERC20functionsrequires tosafeApproveso that it only works if the new or old allowance are 0 (i.e. it only sets an initial allowance, or sets it to 0, which are the only safe scenarios).This way, we'll be guiding users to the best practices regarding
ERC20tokens.Props to @cwhinfrey and the Level K team for suggesting this!