Handle
0xRajeev
Vulnerability details
Impact
It is unclear what the intended usage of this function is in the base PrizePool contract. This is possibly left behind here from the refactoring of the prize pool and separating the yield sources from being hardcoded in the pool.
Proof of Concept
https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/PrizePool.sol#L1045-L1052
Tools Used
Manual Analysis
Recommended Mitigation Steps
Remove, move to a Compound yield source-specific contract, or document usage.
Its role is to delegate COMP-like tokens held by the Prize Pool. It's documented as such.
It is indeed documented.