code-423n4 / 2021-06-pooltogether-findings

0 stars 0 forks source link

YearnV2YieldSource save gas with pre-approval #95

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

YearnV2YieldSource._depositInVault can save gas by caching token in memory instead of accessing it 3 times from storage.

asselstine commented 3 years ago

We considered this, but it's possible for a malicious user to "drain" the approval of the contract, so there would need to be checks to see if approval dropped below a certain level. We opted to leave out the complexity.

asselstine commented 3 years ago

Actually, we'll tackle this. We will:

approve max on init
provide a function to approve max again

kamescg commented 3 years ago

https://github.com/pooltogether/pooltogether-yearnv2-yield-source/pull/new/fix/95
https://github.com/jmonteer/pooltogether-yearnv2-yield-source/pull/5