From 47ded51c434d5f13d37a3d1cc35704894eedf330 Mon Sep 17 00:00:00 2001
From: bt3gl <1130416+bt3gl@users.noreply.github.com>
Date: Sun, 12 Jun 2022 17:00:44 -0700
Subject: [PATCH] Update redacted-cartel.md
---
 .../redacted-cartel.md | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/Top-Immunefi-Vulnerabilities/redacted-cartel.md b/Top-Immunefi-Vulnerabilities/redacted-cartel.md
index a713dd1..2dcab01 100644
--- a/Top-Immunefi-Vulnerabilities/redacted-cartel.md
+++ b/Top-Immunefi-Vulnerabilities/redacted-cartel.md
@@ -40,5 +40,39 @@ where `allowance(sender, recipient)` should be `allowance(sender, msg.sender)`.
 | spender | `msg.sender` | who is calling `transferFrom()`; the operator; who needs allowance approval |
+
+
+[Here](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol) is how OpenZeppelin implements this function for `ERC-20`:
+
+```
+ function transferFrom(
+ address from,
+ address to,
+ uint256 amount
+ ) public virtual override returns (bool) {
+ address spender = _msgSender();
+ _spendAllowance(from, spender, amount);
+ _transfer(from, to, amount);
+ return true;
+ }
+```
+
+where
+```
+ function _spendAllowance(
+ address owner,
+ address spender,
+ uint256 amount
+ ) internal virtual {
+ uint256 currentAllowance = allowance(owner, spender);
+ if (currentAllowance != type(uint256).max) {
+ require(currentAllowance >= amount, "ERC20: insufficient allowance");
+ unchecked {
+ _approve(owner, spender, currentAllowance - amount);
+ }
+ }
+ }
+```
+
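Review bot: The added link points at the `master` branch of openzeppelin-contracts, so the file it opens can drift away from the snippet quoted below it; a permalink to a tagged release or commit, `blob/PINNED_TAG_OR_COMMIT/contracts/token/ERC20/ERC20.sol`, would keep the reference and the quoted code in step. The two fences would also render better opened as "```solidity". The write-up's own point deserves one closing sentence after the second fence, for example `Note that the allowance is read for (owner, spender) with spender = _msgSender(), never for the recipient.` A second sentence could cover the two details a reader is likely to question: the decrement is skipped when the allowance equals `type(uint256).max`, and the `unchecked` subtraction is safe only because the `require` directly above it guarantees `currentAllowance >= amount`.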