It seems that The approve function could be used in an attack that allows a spender to transfer more tokens than the owner of the tokens ever wanted to allow the spender to transfer.
It is advised to use safeapprove.
I import the library SafeERC20
I invoke it from the contract
contract XVORTEX is ERC20, ERC20Detailed, ERC20Pausable{
using SafeERC20 for ERC20;
constructor(
string memory _name,
string memory _symbol,
uint256 _initialSupply
)
ERC20Detailed(_name,_symbol, 18)
public {
_mint(msg.sender, _initialSupply);
}
}
But what I don't understand is how to write the approve function, or how to publish the safeapprove function.
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
See the last line. Also, note that this is not supposed to be used inside your ERC20 token contract but a dapp like uniswap.
You don't have to expose it within your ERC20 token contract but for other contracts e.g. if you're making a DEX, you do.
Also just to add, the potential attack vector with approve isn't really fixed with safe approve... see this for more info. If you're going to create an ERC20 token, add the increase / decrease allowance functions and use those instead. You will still want the approve function to be ERC20 compliant though.