Lines of code
<https://github.com/code-423n4/2022-06-notional-coop/blob/main/notional-wrapped-fcash/contracts/wfCashBase.sol#L73>
The wfCashBase.initialize sets the allowance for NotionalV2 to the assetToken and underlyingToken to the maximum using SafeApprove. However, according to <https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L53-L56>, SafeApprove function requires that the current approval is 0 before setting the new one.
Therefore, if a user want to initialize the contract with a currencyId that has already been used before, because the transaction will revert because the allowance =! 0 (line 68 & line 73).
Recommendation:
Add assetToken.safeApprove(address(NotionalV2), 0) before line 68 and underlyingToken.safeApprove(address(NotionalV2), 0) before line 73
The text was updated successfully, but these errors were encountered:
š 2 0xlgtm and berndartmueller reacted with thumbs down emoji
All reactions