In the OpenZeppelin ERC20 contract, the code is written in such a way that a user must manually approve spenders to spend their tokens on the user's behalf.
This allowance is then checked when a transfer is made:
    function transferFrom(
        address from,
        address to,
        uint256 amount
    ) public virtual override returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, amount);
        _transfer(from, to, amount);
        return true;
    }
However, the way it's currently written requires the user to approve themselves if they want to transfer their own tokens. Why is it written this way? Wouldn't a simple check for from == spender and then skipping _spendAllowance suffice?