Approval attack

[josojo]

https://github.com/gnosis/gnosis-contracts/blob/9285b3e12708b921eecba827161b9295894b406f/contracts/Tokens/StandardToken.sol#L61

Some solidity coders propose to use an approvalIncrease function

• • @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
  • Beware that changing an allowance with this method brings the risk that someone may use both the old
  • and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
  • race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
  • ERC: Token standard ethereum/EIPs#20 (comment)
  • @param _spender The address which will spend the funds.
  • @param _value The amount of tokens to be spent.
    */
    function approve(address _spender, uint256 _value) public returns (bool) {
    allowed[msg.sender][_spender] = _value;
    Approval(msg.sender, _spender, _value);
    return true;
    }

---

Currently, all our smart contracts are save. But at some point, this might change, hence it would make sense to use an increaseApproval from the start.

An exemplary contract can be found here:
https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/StandardToken.sol

I think it should be done, but it is NOT important currently

[cag]

It looks like #170 will switch to OZ's implementation actually.