Omniscia Myso Finance Audit
BalancerV2Looping Static Analysis Findings
BVL-01S: Deprecated Approval Methodology
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | | BalancerV2Looping.sol:L126 |
Description:
The linked statement invokes the safeApprove function which has been officially deprecated by the OpenZeppelin standard.
Impact:
The safeApprove function validates that, whenever an allowance is being set to a non-zero value, the approval that already exists for the target party is zero. This can cause significant issues in the case of upgradeable contracts or contracts whose allowance may not be utilized in full, as subsequent safeApprove invocations will fail, rendering the contract inoperable.
Example:
```solidity
IERC20Metadata(loan.collToken).safeApprove(BALANCER_V2_VAULT, 0);
```
Recommendation:
We advise the code to utilize a safeIncreaseAllowance and / or a safeDecreaseAllowance depending on the execution context and desired result.
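The failure mode and the recommended pattern side by side, as an added example that is not code from the audited repository or from the audit report. It assumes OpenZeppelin Contracts 4.x (where safeApprove still exists); the contract, its constructor arguments and both function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x, which still ships SafeERC20.safeApprove.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical contract that grants `spender` an allowance before each
/// operation. The spender is free to pull less than the amount granted.
contract AllowanceDemo {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    address public immutable spender;

    constructor(IERC20 token_, address spender_) {
        token = token_;
        spender = spender_;
    }

    /// Reverts with a non-zero `amount` whenever the spender left part of a
    /// previous allowance unspent: safeApprove only accepts a non-zero value
    /// if the current allowance is exactly zero.
    function grantWithSafeApprove(uint256 amount) external {
        token.safeApprove(spender, amount);
    }

    /// Succeeds regardless of leftover allowance: tops up the shortfall or
    /// trims the surplus so the allowance ends at exactly `amount`.
    function grantWithDelta(uint256 amount) external {
        uint256 current = token.allowance(address(this), spender);
        if (current < amount) {
            token.safeIncreaseAllowance(spender, amount - current);
        } else if (current > amount) {
            token.safeDecreaseAllowance(spender, current - amount);
        }
    }
}
```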
Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):
The Myso Finance team instead opted for a direct ERC20::approve function invocation, which alleviates this exhibit. While the bool result is not evaluated in this context, we consider this exhibit alleviated as tokens that yield false during an ERC20::approve call have not been observed in a production environment.
