|Ethereum & Optimism
SIP-335 proposes a minor change to Synthetix V3's implementation of ERC20 that allows 0 value approvals, which is needed for token revokes. Currently, due to a check in
_checkZeroAddressOrAmount, the lowest value that can be set is 1 and an
InvalidParameter revert is thrown when 0 is passed.
By not reverting and allowing 0 value approvals, it means the ERC20 implementation allows for downstream services and users to fall inline with the recommendation defined in EIP-20 to prevent certain attack vectors.
To prevent attack vectors, clients SHOULD make sure to create user interfaces in such a way that they set the allowance first to 0 before setting it to another value for the same spender. THOUGH The contract itself shouldn’t enforce it, to allow backwards compatibility with contracts deployed before
Implementation entails a slight modification to
_approve(address owner, address spender, uint256 amount) (which calls
_checkZeroAddressOrAmount) to only check for zero address. However, given that
_checkZeroAddressOrAmount is also used in
_mint(address to, uint256 amount) and
_transfer(address from, address to, uint256 amount), to preserve this functionality, it is necessary to add a
_checkZeroAddress specifically for
Copyright and related rights waived via CC0.