Closed code423n4 closed 3 years ago
shw
The initialize function in IdleYieldSource and YearnV2YieldSource does not include a __ERC20_init function call such as that in ATokenYieldSource. As a result, the two ERC20 tokens would have empty string as their names or symbols.
initialize
IdleYieldSource
YearnV2YieldSource
__ERC20_init
ATokenYieldSource
Referenced code: IdleYieldSource.sol#L56-L67 YearnV2YieldSource.sol#L66-L93
Provide parameters name and symbol to initialize the ERC20 tokens using __ERC20_init(name, symbol).
name
symbol
__ERC20_init(name, symbol)
See https://github.com/code-423n4/2021-06-pooltogether-findings/issues/60
duplicate of #60
Handle
shw
Vulnerability details
Impact
The
initialize
function inIdleYieldSource
andYearnV2YieldSource
does not include a__ERC20_init
function call such as that inATokenYieldSource
. As a result, the two ERC20 tokens would have empty string as their names or symbols.Proof of Concept
Referenced code: IdleYieldSource.sol#L56-L67 YearnV2YieldSource.sol#L66-L93
Recommended Mitigation Steps
Provide parameters
name
andsymbol
to initialize the ERC20 tokens using__ERC20_init(name, symbol)
.