Comments (6)
It's still not super obvious to me why this is needed. The link references transaction ordering being a vulnerability, but in the case referenced in the issue both approves are happening within the scope of a single transaction.
Am I missing something? Could you perhaps elaborate on what an example attack would look like if we didn't approve to 0 before doing the other approve? Because again the one in the link doesn't seem to apply.
from yearn-protocol.
See comment: https://github.com/nachomazzara/SafeERC20/blob/master/contracts/libs/SafeERC20.sol#L78
from yearn-protocol.
Thanks.
from yearn-protocol.
Uniswap did not approve twice.
from yearn-protocol.
Maybe reopen the issue so someone on the core team can take a look?
It looks like we're doing the double-approvals in a bunch of strategies, so not a huge issue, but ultimately may be a waste of gas if I'm understanding it correctly.
from yearn-protocol.
It's the right way to do it with SafeApprove. If the user already has an allowance, you set the allowance to 0 and then set the allowance to max.
from yearn-protocol.
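The zero-then-max pattern discussed in this thread, as an added example that is not code from yearn-protocol or from any comment above. It assumes the "SafeApprove" in the last comment is a wrapper with the same rule as OpenZeppelin's `SafeERC20.safeApprove` (a new non-zero allowance is accepted only when the current allowance is zero); `MockToken`, `ApproveGuard` and `StrategySketch` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; every contract and function name here is hypothetical.

// Allowance-only token, just enough to exercise the check.
contract MockToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
}

library ApproveGuard {
    // Assumed rule of a safeApprove-style wrapper: only 0 -> N or N -> 0.
    // address(this) is the calling contract, because internal library
    // functions run in the caller's context.
    function safeApprove(MockToken token, address spender, uint256 value) internal {
        require(
            value == 0 || token.allowance(address(this), spender) == 0,
            "approve from non-zero to non-zero allowance"
        );
        require(token.approve(spender, value), "approve failed");
    }
}

contract StrategySketch {
    using ApproveGuard for MockToken;

    // Succeeds the first time, reverts the second time: the allowance left
    // from the first call is non-zero and so is the requested value.
    function approveDirect(MockToken token, address spender) external {
        token.safeApprove(spender, type(uint256).max);
    }

    // Succeeds on every call: reset to 0, then set the new allowance.
    // The cost is one extra storage write per call.
    function approveWithReset(MockToken token, address spender) external {
        token.safeApprove(spender, 0);
        token.safeApprove(spender, type(uint256).max);
    }
}
```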