Platform: Code4rena
Start Date: 24/03/2022
Pot Size: $75,000 USDC
Total HM: 15
Participants: 59
Period: 7 days
Judge: gzeon
Id: 103
League: ETH
Rank: 59/59
Findings: 1
Award: $61.54
π Selected for report: 0
π Solo Findings: 0
π Selected for report: Dravee
Also found by: 0v3rf10w, 0xDjango, 0xNazgul, 0xkatana, ACai, CertoraInc, FSchmoede, Funen, Hawkeye, IllIllI, Jujic, Kenshin, PPrieditis, Picodes, SolidityScan, TerrierLover, Tomio, WatchPug, catchup, csanuragjain, defsec, dimitri, hake, hickuphh3, kenta, minhquanym, obront, peritoflores, rayn, rfa, robee, saian, samruna, tchkvsky, teryanarmen, ych18
61.5429 USDC - $61.54
approveERC20 of LibAsset, line 67 safeApprove to 0 before safeApprove to MAX_INT in line 68. This is because we can only approve their allowance to zero or from zero in SafeERC20.SafeERC20, it is used to prevent front-run by approved addresses and usually users have to do 2 TXs.IERC20(assetId).approve(spender, MAX_INT);#0 - maxklenk
2022-04-14T15:32:09Z
Thanks for your suggestion. We have improved the handling to save gas and renamed the function to be more easy to read. We disagree with the risk attached as it is only a gas improvement.
#1 - gzeoneth
2022-04-16T17:44:50Z
Labeling as gas optimization.