From b4935ff2c3b5ac897517af19b6fb626a800eee98 Mon Sep 17 00:00:00 2001 From: Kirill Fedoseev Date: Thu, 2 Sep 2021 16:03:18 +0300 Subject: [PATCH] Use SafeERC20.safeApprove (#67) --- contracts/interfaces/ILegacyERC20.sol | 5 +++++ .../modules/interest/AAVEInterestERC20.sol | 9 ++++++--- .../modules/interest/CompoundInterestERC20.sol | 7 +++++-- 3 files changed, 16 insertions(+), 5 deletions(-) create mode 100644 contracts/interfaces/ILegacyERC20.sol diff --git a/contracts/interfaces/ILegacyERC20.sol b/contracts/interfaces/ILegacyERC20.sol new file mode 100644 index 0000000..d8948c1 --- /dev/null +++ b/contracts/interfaces/ILegacyERC20.sol @@ -0,0 +1,5 @@ +pragma solidity 0.7.5; + +interface ILegacyERC20 { + function approve(address spender, uint256 amount) external; // returns (bool); +} diff --git a/contracts/upgradeable_contracts/modules/interest/AAVEInterestERC20.sol b/contracts/upgradeable_contracts/modules/interest/AAVEInterestERC20.sol index cd9e6cd..b09e2d3 100644 --- a/contracts/upgradeable_contracts/modules/interest/AAVEInterestERC20.sol +++ b/contracts/upgradeable_contracts/modules/interest/AAVEInterestERC20.sol @@ -6,6 +6,7 @@ import "../../../interfaces/IAToken.sol"; import "../../../interfaces/IOwnable.sol"; import "../../../interfaces/ILendingPool.sol"; import "../../../interfaces/IStakedTokenIncentivesController.sol"; +import "../../../interfaces/ILegacyERC20.sol"; import "../MediatorOwnableModule.sol"; import "./BaseInterestERC20.sol"; @@ -100,7 +101,9 @@ contract AAVEInterestERC20 is BaseInterestERC20, MediatorOwnableModule { interestParams[_token] = InterestParams(aToken, _dust, 0, _interestReceiver, _minInterestPaid); - IERC20(_token).approve(address(lendingPool()), uint256(-1)); + // SafeERC20.safeApprove does not work here in case of possible interest reinitialization, + // since it does not allow positive->positive allowance change. However, it would be safe to make such change here. + ILegacyERC20(_token).approve(address(lendingPool()), uint256(-1)); emit InterestEnabled(_token, address(aToken)); emit InterestDustUpdated(_token, _dust); @@ -195,7 +198,7 @@ contract AAVEInterestERC20 is BaseInterestERC20, MediatorOwnableModule { * @dev Claims stkAAVE token received by supplying underlying tokens and transfers it to the associated AAVE receiver. * @param _assets aTokens addresses to claim stkAAVE for. */ - function claimAaveAndPay(address[] calldata _assets) external { + function claimAaveAndPay(address[] calldata _assets) external onlyEOA { uint256 balance = aaveAmount(_assets); require(balance >= minAavePaid); @@ -225,7 +228,7 @@ contract AAVEInterestERC20 is BaseInterestERC20, MediatorOwnableModule { uint256 balance = IERC20(_token).balanceOf(address(this)); IERC20(_token).safeTransfer(mediator, balance); - IERC20(_token).approve(address(lendingPool()), 0); + IERC20(_token).safeApprove(address(lendingPool()), 0); emit ForceDisable(_token, balance, aTokenBalance, params.investedAmount); diff --git a/contracts/upgradeable_contracts/modules/interest/CompoundInterestERC20.sol b/contracts/upgradeable_contracts/modules/interest/CompoundInterestERC20.sol index 565f4b1..ac0e191 100644 --- a/contracts/upgradeable_contracts/modules/interest/CompoundInterestERC20.sol +++ b/contracts/upgradeable_contracts/modules/interest/CompoundInterestERC20.sol @@ -5,6 +5,7 @@ import "@openzeppelin/contracts/math/SafeMath.sol"; import "../../../interfaces/ICToken.sol"; import "../../../interfaces/IComptroller.sol"; import "../../../interfaces/IOwnable.sol"; +import "../../../interfaces/ILegacyERC20.sol"; import "../MediatorOwnableModule.sol"; import "./BaseInterestERC20.sol"; @@ -78,7 +79,9 @@ contract CompoundInterestERC20 is BaseInterestERC20, MediatorOwnableModule { interestParams[token] = InterestParams(_cToken, _dust, 0, _interestReceiver, _minInterestPaid); - IERC20(token).approve(address(_cToken), uint256(-1)); + // SafeERC20.safeApprove does not work here in case of possible interest reinitialization, + // since it does not allow positive->positive allowance change. However, it would be safe to make such change here. + ILegacyERC20(token).approve(address(_cToken), uint256(-1)); emit InterestEnabled(token, address(_cToken)); emit InterestDustUpdated(token, _dust); @@ -217,7 +220,7 @@ contract CompoundInterestERC20 is BaseInterestERC20, MediatorOwnableModule { uint256 balance = IERC20(_token).balanceOf(address(this)); IERC20(_token).safeTransfer(mediator, balance); - IERC20(_token).approve(address(cToken), 0); + IERC20(_token).safeApprove(address(cToken), 0); emit ForceDisable(_token, balance, cTokenBalance, params.investedAmount);