SIP-335: Allow revoking ERC20 approvals
| Author | |
|---|---|
| Status | Implemented |
| Type | Governance |
| Network | Ethereum & Optimism |
| Implementor | TBD |
| Release | TBD |
| Proposal | Loading status... |
| Created | 2023-07-26 |
Abstract
SIP-335 proposes a minor change to Synthetix V3's implementation of ERC20 that allows 0 value approvals, which is needed for token revokes. Currently, due to a check in _checkZeroAddressOrAmount, the lowest value that can be set is 1 and an InvalidParameter revert is thrown when 0 is passed.
Motivation
By not reverting and allowing 0 value approvals, it means the ERC20 implementation allows for downstream services and users to fall inline with the recommendation defined in EIP-20 to prevent certain attack vectors.
To prevent attack vectors, clients SHOULD make sure to create user interfaces in such a way that they set the allowance first to 0 before setting it to another value for the same spender. THOUGH The contract itself shouldn’t enforce it, to allow backwards compatibility with contracts deployed before
Specification
Implementation entails a slight modification to _approve(address owner, address spender, uint256 amount) (which calls _checkZeroAddressOrAmount) to only check for zero address. However, given that _checkZeroAddressOrAmount is also used in _mint(address to, uint256 amount) and _transfer(address from, address to, uint256 amount), to preserve this functionality, it is necessary to add a _checkZeroAddress specifically for _approve.
Configurable Values (Via SCCP)
N/A
Copyright
Copyright and related rights waived via CC0.