Discussion to remove increaseAllowance and decreaseAllowance from ERC20
If there is another issue that discusses the same topic, feel free to close this one.
I wanted to quickly get your opinion on whether it would make sense to remove the functions increaseAllowance and decreaseAllowance from the ERC20 contract and move them to an extension contract instead. My arguments are the following:
- These functions are not part of the EIP-20 specs.
- These functions may allow for further phishing possibilities (instead of the common approve or permit ones; see e.g. just 12 hours ago someone lost $24m since he got tricked into signing a malicious increaseAllowance payload https://etherscan.io/tx/0xcbe7b32e62c7d931a28f747bba3a0afa7da95169fcf380ac2f7d54f3a2f77913).
- The security concerns that increaseAllowance and decreaseAllowance fix are not critical nor high in the wild (and decreaseAllowance can be front-run also) and thus I think the responsibility can be delegated to the devs to decide whether to include it or not.
- If such a change is implemented, the upcoming breaking version 5.0.0 would be suitable.
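
On the phishing point above, a signing-side check has to treat increaseAllowance as an allowance grant just like approve. The following is an added example, not code from this issue or from the project: `classifyCalldata` is a hypothetical helper, and the spender address in the sample is constructed.

```javascript
// Added example: classify ERC-20 allowance calls in raw calldata before signing.
// Keys are the 4-byte function selectors (first 4 bytes of keccak256(signature)).
const ALLOWANCE_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a457c2d7": "decreaseAllowance(address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyCalldata(hex) {
  const data = String(hex).toLowerCase().replace(/^0x/, "");
  if (data.length < 8 || data.length % 2 !== 0 || !/^[0-9a-f]+$/.test(data)) {
    return { kind: "invalid" };
  }
  const signature = ALLOWANCE_SELECTORS[data.slice(0, 8)];
  if (!signature) return { kind: "other" };
  // Two 32-byte ABI words follow the selector: spender, then amount.
  // Trailing bytes are tolerated, because on-chain ABI decoding ignores them.
  if (data.length < 8 + 128) return { kind: "malformed", signature };
  const spenderWord = data.slice(8, 72);
  // An address is left-padded to 32 bytes, so the upper 12 bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) {
    return { kind: "malformed", signature };
  }
  const amount = BigInt("0x" + data.slice(72, 136));
  // approve and increaseAllowance both hand spending power to the spender.
  const grantsSpending = !signature.startsWith("decreaseAllowance") && amount > 0n;
  return {
    kind: "allowance",
    signature,
    spender: "0x" + spenderWord.slice(24),
    amount,
    grantsSpending,
    unlimited: grantsSpending && amount === MAX_UINT256,
  };
}

// Constructed sample: increaseAllowance(0x00...aa, 2^256 - 1).
const SAMPLE_SPENDER_WORD = "0".repeat(62) + "aa";
const SAMPLE_INCREASE = "0x39509351" + SAMPLE_SPENDER_WORD + "f".repeat(64);

const verdict = classifyCalldata(SAMPLE_INCREASE);
console.log(verdict.signature, verdict.spender, "unlimited:", verdict.unlimited);
```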