Safety of TransferFrom function

Question

I'm learning Solidity and maybe this is a dumb question. Say I have approved X amount of token A to be transferred from my wallet to my deployed contract. What's preventing a hacker writing his own contract and execute something like IERC20(tokenA).transferFrom(mywallet, mycontract, X); I know it's of no benefit to him since he can't get the money out of my contract but it could cause a lot of hassle to me to move money back from my contract back to my wallet. In fact, how does a DEX router prevent this from happening after user did approval?

Does this answer your question? How to programmatically detect and accept ETH and ERC20 deposits — Paul Razvan Berg, Jul 17 '22 at 20:48

score 0 · Answer 1 · answered Jul 17 '22 at 20:35

0

Okay, I think I got the answer myself after reading transferFrom source code. The caller must have allowance of X amount.

answered Jul 17 '22 at 20:35

zhoux_666

1

Safety of TransferFrom function

1 Answers1