Omniscia Alliance Block Audit
SubscriptionPaymentPortal Static Analysis Findings
CON-01S: Deprecated Approval Methodology
Type | Severity | Location |
---|---|---|
Standard Conformity | | SubscriptionPaymentPortal.sol:L442 |
Description:
The linked statement invokes the `safeApprove` function which has been officially deprecated by the OpenZeppelin standard.
Impact:
The `safeApprove` function requires that the approval already in place for the target party is zero whenever a non-zero value is being set. This can cause significant issues in the case of upgradeable contracts, or contracts whose allowance may not be utilized in full, as subsequent `safeApprove` invocations will fail, rendering the contract inoperable.
Example:
```solidity
// SubscriptionPaymentPortal.sol:L442
usdt.safeApprove(uniswapRouter, paymentConfig_.priceWithUSDT);
```
Recommendation:
We advise the code to utilize a `safeIncreaseAllowance` and / or a `safeDecreaseAllowance` depending on the execution context and desired result.
Alleviation:
The `safeIncreaseAllowance` function of the OpenZeppelin library is now utilized instead, ensuring the code will behave as expected regardless of the underlying allowance currently set.
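The failure mode from the Impact section next to the replacement named in the Recommendation and Alleviation, as an added example that is not the audited project's code. It assumes OpenZeppelin Contracts 4.x (which still ships `safeApprove`); `PartialSpender`, `AllowanceDemo` and their function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Assumption: OpenZeppelin Contracts 4.x, which still ships safeApprove.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical spender that pulls only part of what it was approved for.
contract PartialSpender {
    using SafeERC20 for IERC20;

    function pull(IERC20 token, uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
}

// Hypothetical payer contract; it must hold a token balance to be exercised.
contract AllowanceDemo {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    PartialSpender public immutable spender;

    constructor(IERC20 token_, PartialSpender spender_) {
        token = token_;
        spender = spender_;
    }

    // Deprecated pattern. If spent < price, allowance stays non-zero and the
    // next call reverts with
    // "SafeERC20: approve from non-zero to non-zero allowance".
    function payWithSafeApprove(uint256 price, uint256 spent) external {
        token.safeApprove(address(spender), price);
        spender.pull(token, spent);
    }

    // Replacement. Works whatever allowance is already set, then removes the
    // unspent remainder so approvals do not accumulate across calls.
    function payWithIncreaseAllowance(uint256 price, uint256 spent) external {
        token.safeIncreaseAllowance(address(spender), price);
        spender.pull(token, spent);
        uint256 leftover = token.allowance(address(this), address(spender));
        if (leftover != 0) {
            token.safeDecreaseAllowance(address(spender), leftover);
        }
    }
}
```

Calling `payWithSafeApprove(100, 60)` twice reproduces the revert on the second call; `payWithIncreaseAllowance(100, 60)` can be repeated and leaves the allowance at zero each time.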