Boxy Ash Ant
High
The contract uses SafeERC20.safeApprove(), which has a known limitation: it reverts when changing a non-zero approval to another non-zero value. This can cause order executions to fail when partial fills occur.
The issue is that OpenZeppelin's safeApprove() function does not allow changing a non-zero allowance to another non-zero allowance. Once a first approval is not fully used, every subsequent approval of the token fails, causing a denial of service (DoS) of the contract's order executions.
```solidity
function execute(
    address target,
    bytes memory txData,
    uint256 amountIn,
    IERC20 tokenIn,
    IERC20 tokenOut,
    uint16 bips
) internal returns (uint256 swapAmountOut, uint256 tokenInRefund) {
    // update accounting
    uint256 initialTokenIn = tokenIn.balanceOf(address(this));
    uint256 initialTokenOut = tokenOut.balanceOf(address(this));

    // approve
    tokenIn.safeApprove(target, amountIn);
```
- Initial order execution approves X tokens
- Only Y tokens are used (Y < X)
- Next execution tries to approve
- safeApprove() reverts because previous approval wasn't zero
Failed order executions and creations
Replace safeApprove with forceApprove
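
The revert path and the effect of the mitigation can be reproduced in one file. This is an added example, not code from the audited project: `MockToken`, `PartialFillTarget`, `Executor` and `Demo` are hypothetical, and the safeApprove() check is copied inline (an assumption made so the file compiles without the OpenZeppelin import), while the overwrite-style approval models what forceApprove() does for a standard token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed minimal token; only what the demo needs.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address s, uint256 amt) external returns (bool) {
        allowance[msg.sender][s] = amt; return true;
    }
    function transferFrom(address f, address t, uint256 amt) external returns (bool) {
        allowance[f][msg.sender] -= amt; balanceOf[f] -= amt; balanceOf[t] += amt; return true;
    }
}

// Constructed swap target that pulls only half of the approved amount (partial fill).
contract PartialFillTarget {
    function swap(MockToken t, uint256 amountIn) external {
        t.transferFrom(msg.sender, address(this), amountIn / 2);
    }
}

contract Executor {
    // Inline copy of the safeApprove() rule: non-zero -> non-zero is rejected.
    function executeWithSafeApprove(MockToken t, PartialFillTarget target, uint256 amountIn) external {
        require(amountIn == 0 || t.allowance(address(this), address(target)) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance");
        t.approve(address(target), amountIn);
        target.swap(t, amountIn);
    }
    // forceApprove() behaviour for a standard token: overwrite whatever allowance is left.
    function executeWithForceApprove(MockToken t, PartialFillTarget target, uint256 amountIn) external {
        t.approve(address(target), amountIn);
        target.swap(t, amountIn);
    }
}

contract Demo {
    // Walks the four steps of the finding, then repeats the execution with the overwrite-style approval.
    function run() external returns (bool safeApproveReverted, bool forceApproveOk) {
        MockToken t = new MockToken();
        PartialFillTarget target = new PartialFillTarget();
        Executor ex = new Executor();
        t.mint(address(ex), 1000);
        ex.executeWithSafeApprove(t, target, 100);   // X = 100 approved, Y = 50 used
        try ex.executeWithSafeApprove(t, target, 100) {} catch { safeApproveReverted = true; }
        ex.executeWithForceApprove(t, target, 100);  // leftover allowance is overwritten
        forceApproveOk = t.allowance(address(ex), address(target)) == 50;
    }
}
```

The overwrite-style path still leaves the unused part of the allowance with the target after each execution, so the target remains a trusted spender for that remainder.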