Open code423n4 opened 3 years ago
While the arithmetic ceiling is quite high, if an overflow occurred this would significantly disrupt the yield sources. I'd qualify this issue higher as 2 (Med Risk).
I agree with the sponsor's risk evaluation. Increasing to medium.
Handle
shw
Vulnerability details
Impact
SafeMath is not completely used at the following lines of yield source contracts, which could potentially cause arithmetic underflow and overflow:
SushiYieldSource
BadgerYieldSource
IdleYieldSource
Proof of Concept
Referenced code: SushiYieldSource.sol#L78, BadgerYieldSource.sol#L67, IdleYieldSource.sol#L91, IdleYieldSource.sol#L98
Recommended Mitigation Steps
Use the SafeMath library functions in the above lines.
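The recommended mitigation, shown as an added example that is not code from the audited contracts: raw operators beside their SafeMath equivalents for a share conversion and a balance decrement. The contract, function and variable names are hypothetical, the SafeMath helpers are inlined in the style of the OpenZeppelin library so the file compiles on its own, and a compiler older than 0.8 (where raw arithmetic wraps silently) is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;

// Minimal checked-arithmetic helpers in the style of OpenZeppelin SafeMath.
library SafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "SafeMath: subtraction overflow");
        return a - b;
    }
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "SafeMath: multiplication overflow");
        return c;
    }
    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b > 0, "SafeMath: division by zero");
        return a / b;
    }
}

// Hypothetical share accounting (assumption, not the audited code).
contract ExampleYieldSource {
    using SafeMath for uint256;
    mapping(address => uint256) public balances;

    // Before: the product wraps modulo 2**256 and returns a wrong share count.
    function tokenToSharesUnchecked(uint256 tokens, uint256 totalShares, uint256 totalTokens)
        public pure returns (uint256)
    {
        return tokens * totalShares / totalTokens;
    }

    // After: each step reverts instead of wrapping.
    function tokenToShares(uint256 tokens, uint256 totalShares, uint256 totalTokens)
        public pure returns (uint256)
    {
        return tokens.mul(totalShares).div(totalTokens);
    }

    // Before: wraps to a value near 2**256 when shares exceeds the balance.
    function redeemUnchecked(uint256 shares) external {
        balances[msg.sender] -= shares;
    }

    // After: reverts when shares exceeds the caller's balance.
    function redeem(uint256 shares) external {
        balances[msg.sender] = balances[msg.sender].sub(shares);
    }
}
```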