Omniscia Tokemak Network Audit

SushiswapControllerV1 Manual Review Findings

SCV-01M: Potentially Dangerous Approval Operation

Type	Severity	Location
Standard Conformity	Minor	SushiswapControllerV1.sol:L88

Description:

The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.

Example:

contracts/controllers/SushiswapControllerV1.sol

87if (toDeposit) {
88    pair.safeApprove(address(MASTERCHEF), liquidity);
89    depositLPTokensToMasterChef(poolId, liquidity);
90}

Recommendation:

We advise a direct approve instruction to be used instead or a similar paradigm to the _approve function.

Alleviation:

The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.

Omniscia Tokemak Network Audit

SushiswapControllerV1 Manual Review Findings

SushiswapControllerV1 Manual Review Findings

SCV-01M: Potentially Dangerous Approval Operation

Description:

Example:

Recommendation:

Alleviation:

SushiSwapControllerV2.sol (SSC-M)

TokeMigrationPool.sol (TMP-M)

On this page