From 9d083126a6a54e851ee4e6d602887084325e1d61 Mon Sep 17 00:00:00 2001 From: cairo Date: Wed, 16 Oct 2024 21:12:18 -0700 Subject: [PATCH 1/2] Add comments --- contracts/token/ERC20/utils/SafeERC20.sol | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/contracts/token/ERC20/utils/SafeERC20.sol b/contracts/token/ERC20/utils/SafeERC20.sol index ed41fb042c9..19c2f3e19e8 100644 --- a/contracts/token/ERC20/utils/SafeERC20.sol +++ b/contracts/token/ERC20/utils/SafeERC20.sol @@ -46,6 +46,11 @@ library SafeERC20 { /** * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. + * + * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client" + * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using + * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract + * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior. */ function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 oldAllowance = token.allowance(address(this), spender); @@ -55,6 +60,11 @@ library SafeERC20 { /** * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no * value, non-reverting calls are assumed to be successful. + * + * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client" + * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using + * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract + * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior. */ function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal { unchecked { @@ -70,6 +80,10 @@ library SafeERC20 { * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval * to be set to zero before setting it to a non-zero value, such as USDT. + * + * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function + * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being + * set here. */ function forceApprove(IERC20 token, address spender, uint256 value) internal { bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value)); From b3972a4e0f282071970a1b41d8d2f1780ccdcc9d Mon Sep 17 00:00:00 2001 From: cairo Date: Wed, 16 Oct 2024 21:14:02 -0700 Subject: [PATCH 2/2] Add changeset --- .changeset/yellow-tables-sell.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/yellow-tables-sell.md diff --git a/.changeset/yellow-tables-sell.md b/.changeset/yellow-tables-sell.md new file mode 100644 index 00000000000..f8cdc8d306b --- /dev/null +++ b/.changeset/yellow-tables-sell.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': minor +--- + +`SafeERC20`: Document risks of `safeIncreaseAllowance` and `safeDecreaseAllowance` when associated with ERC-7674.