Omniscia Tokemak Network Audit

SushiSwapControllerV2 Manual Review Findings

SSC-01M: Potentially Dangerous Approval Operation

Type	Severity	Location
Standard Conformity	Minor	SushiSwapControllerV2.sol:L88

Description:

The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.

Example:

contracts/controllers/SushiSwapControllerV2.sol

87if (toDeposit) {
88    pair.safeApprove(address(MASTERCHEF), liquidity);
89    depositLPTokensToMasterChef(poolId, liquidity);
90}

Recommendation:

We advise a direct approve instruction to be used instead or a similar paradigm to the _approve function.

Alleviation:

The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.

Omniscia Tokemak Network Audit

SushiSwapControllerV2 Manual Review Findings

SushiSwapControllerV2 Manual Review Findings

SSC-01M: Potentially Dangerous Approval Operation

Description:

Example:

Recommendation:

Alleviation:

Staking.sol (STA-M)

SushiswapControllerV1.sol (SCV-M)

On this page