Closed code423n4 closed 3 years ago
shw
The contracts BadgerYieldSource and SushiYieldSource are not upgradeable since they do not inherit from any Openzeppelin's upgradeable contract (e.g., ERC20Upgradeable) as the other yield source contracts.
BadgerYieldSource
SushiYieldSource
ERC20Upgradeable
Referenced code: BadgerYieldSource.sol#L13 SushiYieldSource.sol#L13
Make BadgerYieldSource and SushiYieldSource upgradable.
We don't want them to be upgradeable! It's a feature not a bug.
Per sponsor, feature, not bug. Closing.
Handle
shw
Vulnerability details
Impact
The contracts
BadgerYieldSource
andSushiYieldSource
are not upgradeable since they do not inherit from any Openzeppelin's upgradeable contract (e.g.,ERC20Upgradeable
) as the other yield source contracts.Proof of Concept
Referenced code: BadgerYieldSource.sol#L13 SushiYieldSource.sol#L13
Recommended Mitigation Steps
Make
BadgerYieldSource
andSushiYieldSource
upgradable.