search

code-423n4 / 2021-06-pooltogether-findings

0 stars 0 forks source link

ERC20-related variables not initialized #111

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The initialize function in IdleYieldSource and YearnV2YieldSource does not include a __ERC20_init function call such as that in ATokenYieldSource. As a result, the two ERC20 tokens would have empty string as their names or symbols.

Proof of Concept

Referenced code: IdleYieldSource.sol#L56-L67 YearnV2YieldSource.sol#L66-L93

Recommended Mitigation Steps

Provide parameters name and symbol to initialize the ERC20 tokens using __ERC20_init(name, symbol).

asselstine commented 3 years ago

See https://github.com/code-423n4/2021-06-pooltogether-findings/issues/60

dmvt commented 3 years ago

duplicate of #60