Open code423n4 opened 3 years ago
ATokenYieldSource: https://github.com/pooltogether/aave-yield-source/tree/fix/119 SushiYieldSource: https://github.com/pooltogether/sushi-pooltogether/pull/new/fix/119 BadgerYieldSource: https://github.com/pooltogether/badger-yield-source/pull/new/fix/119 IdleYieldSource: https://github.com/pooltogether/idle-yield-source/pull/new/fix/119
Handle
shw
Vulnerability details
Impact
The
YearnV2YieldSource
contract prevents thesupplyTokenTo
,redeemToken
, andsponsor
functions from being reentered by applying anonReentrant
modifier. Since these contracts share a similar logic, adding anonReentrant
modifier to these functions in all of the yield source contracts is reasonable. However, the same protection is not seen in other yield source contracts.Proof of Concept
A
nonReentrant
modifier in the following functions is missing:sponsor
function ofATokenYieldSource
supplyTokenTo
andredeemToken
function ofBadgerYieldSource
sponsor
function ofIdleYieldSource
supplyTokenTo
andredeemToken
function ofSushiYieldSource
Referenced code: ATokenYieldSource.sol#L233 BadgerYieldSource.sol#L43 BadgerYieldSource.sol#L57 IdleYieldSource.sol#L150 SushiYieldSource.sol#L47 SushiYieldSource.sol#L66
Recommended Mitigation Steps
Add a
nonReentrant
modifier to these functions. ForBadgerYieldSource
andSushiYieldSource
contracts, make them inherit from Openzeppelin'sReentrancyGuardUpgradeable
to use thenonReentrant
modifier.