Omniscia Tokemak Network Audit
SushiswapControllerV1 Manual Review Findings
SushiswapControllerV1 Manual Review Findings
SCV-01M: Potentially Dangerous Approval Operation
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | SushiswapControllerV1.sol:L88 |
Description:
The safeApprove
instruction performed by the deploy
function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
Example:
contracts/controllers/SushiswapControllerV1.sol
87if (toDeposit) {88 pair.safeApprove(address(MASTERCHEF), liquidity);89 depositLPTokensToMasterChef(poolId, liquidity);90}
Recommendation:
We advise a direct approve
instruction to be used instead or a similar paradigm to the _approve
function.
Alleviation:
The _approve
function was refactored to accept an additional argument and is now safely utilized in the linked code.