Handle
axic
Vulnerability details
Impact
YieldSourcePrizePool has a check that the supplied yieldSource adheres to the interface. This is done via a manual staticcall to one function (depositToken).
The more widespread pattern is using the ERC-165 interface, which checks not just a single function but a complete interface.
The staticcall approach has the possibility of wasting gas, should the recipient perform a lot of steps before hitting an exception.
Proof of Concept
This is not critical.
Tools Used
Manual review.
Recommended Mitigation Steps
Use the ERC-165 standard.
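
One way the recommended check could look, as an added example that is not the project's own code: each ERC-165 query is a staticcall capped at the 30,000 gas the standard allows, so a misbehaving recipient cannot burn more than that. The names IYieldSourceLike, YieldSourceProbe, PrizePoolExample, balanceOfToken and the revert strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed shape of the yield source interface: only depositToken() is named on
// this page; balanceOfToken() is a hypothetical second member.
interface IYieldSourceLike {
    function depositToken() external view returns (address);
    function balanceOfToken(address addr) external returns (uint256);
}

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

library YieldSourceProbe {
    bytes4 private constant ERC165_ID = 0x01ffc9a7;   // supportsInterface(bytes4)
    bytes4 private constant INVALID_ID = 0xffffffff;  // must be reported as unsupported
    uint256 private constant PROBE_GAS = 30000;       // ERC-165 per-query gas bound

    // One gas-capped query. A revert, an EOA (empty return) or a non-1 word counts as "no".
    function _query(address target, bytes4 id) private view returns (bool) {
        (bool ok, bytes memory ret) = target.staticcall{gas: PROBE_GAS}(
            abi.encodeWithSelector(IERC165.supportsInterface.selector, id)
        );
        if (!ok || ret.length < 32) return false;
        return abi.decode(ret, (uint256)) == 1;
    }

    // ERC-165 detection sequence, then the check for the complete interface id.
    function isYieldSource(address target) internal view returns (bool) {
        return _query(target, ERC165_ID)
            && !_query(target, INVALID_ID)
            && _query(target, type(IYieldSourceLike).interfaceId);
    }
}

// Hypothetical consumer standing in for the prize pool's initializer.
contract PrizePoolExample {
    address public yieldSource;

    function initialize(address _yieldSource) external {
        require(yieldSource == address(0), "already-initialized");
        require(YieldSourceProbe.isYieldSource(_yieldSource), "invalid-yield-source");
        yieldSource = _yieldSource;
    }
}
```

For this check to pass, the yield source contract has to implement supportsInterface and return true for both 0x01ffc9a7 and the interface id computed from all of its functions.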