Omniscia Pirex Audit

PirexCvx Static Analysis Findings

PCV-01S: Improper Invocation of EIP-20 Approve Function

Description:

The linked statement does not properly validate the returned bool of the EIP-20 standard approve function. As the standard dictates, callers must not assume that false is never returned.

Example:

contracts/PirexCvx.sol
if (address(unionPirex) != address(0)) {
    pxCvx.approve(address(unionPirex), 0);
}
unionPirex = UnionPirexVault(contractAddress);

Recommendation:

Since not all standardized tokens are EIP-20 compliant (such as Tether / USDT), we advise using the already imported SafeTransferLib safe wrapper library instead, which opportunistically validates the returned bool only if it exists.

Alleviation:

The code was updated to utilize the safeApprove implementation of the solmate library, thus ensuring that it properly evaluates the yielded bool for errors.
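
The "validate the returned bool only if it exists" behaviour from the recommendation, as an added Solidity sketch that is neither PirexCvx's nor solmate's code. The contract, library and function names are hypothetical, and the two tokens are constructed to show both return styles.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Constructed token whose approve() signals failure by returning false.
contract FalseReturningToken {
    function approve(address, uint256) external pure returns (bool) {
        return false;
    }
}

/// Constructed token whose approve() returns no data at all (USDT-style).
contract NoReturnToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

interface IERC20Approve {
    function approve(address spender, uint256 amount) external returns (bool);
}

/// Hypothetical helper illustrating the check; not solmate's SafeTransferLib.
library OpportunisticApprove {
    function safeApprove(address token, address spender, uint256 amount) internal {
        // A call to an address without code succeeds with empty return data,
        // so rule that out before treating "no data" as success.
        require(token.code.length > 0, "NOT_A_CONTRACT");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Approve.approve.selector, spender, amount)
        );
        // Accept only: call succeeded AND (no return data OR data decodes to true).
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "APPROVE_FAILED");
    }
}

contract Demo {
    /// Pattern from the finding: the returned bool is discarded, so a `false`
    /// from FalseReturningToken goes unnoticed. Against NoReturnToken this
    /// reverts, because the generated decoder expects 32 bytes of return data.
    function uncheckedReset(address token, address spender) external {
        IERC20Approve(token).approve(spender, 0);
    }

    /// Checked pattern: reverts on `false`, accepts a missing return value.
    function checkedReset(address token, address spender) external {
        OpportunisticApprove.safeApprove(token, spender, 0);
    }
}
```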