Closed: code423n4 closed this issue 3 years ago
hickuphh3
While not necessary, it would be good practice to zero out the allowance given to the current yield source when swapping out for a new one.
```solidity
function _setYieldSource(IYieldSource _newYieldSource) internal {
    ...
    // Revoke the allowance held by the yield source being replaced.
    IERC20Upgradeable(yieldSource.depositToken()).safeApprove(address(yieldSource), 0);
    yieldSource = _newYieldSource;
    // Grant the new yield source an unlimited allowance on its deposit token.
    IERC20Upgradeable(_newYieldSource.depositToken()).safeApprove(address(_newYieldSource), type(uint256).max);
    emit SwappableYieldSourceSet(_newYieldSource);
}
```
Duplicate of https://github.com/code-423n4/2021-07-pooltogether-findings/issues/3
Handle
hickuphh3
Vulnerability details
Impact
While not necessary, it would be good practice to zero out the allowance given to the current yield source when swapping out for a new one.
Recommended Mitigation Steps
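What revocation changes in the token's allowance table, as an added example that is not code from this issue or from the PoolTogether code base. `MockToken`, `SwappableHolder` and their function names are constructed for illustration, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed minimal token: only the allowance bookkeeping needed here.
contract MockToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
}

// Hypothetical holder that approves one spender (its "yield source") at a time.
contract SwappableHolder {
    MockToken public immutable token;
    address public yieldSource;

    constructor(MockToken _token) {
        token = _token;
    }

    // Swap without revoking: the replaced source keeps type(uint256).max.
    function setYieldSourceNoRevoke(address _new) external {
        yieldSource = _new;
        token.approve(_new, type(uint256).max);
    }

    // Swap with revocation: the replaced source is reset to 0 first.
    function setYieldSource(address _new) external {
        address old = yieldSource;
        // On the very first assignment there is no previous source to revoke.
        if (old != address(0)) token.approve(old, 0);
        yieldSource = _new;
        token.approve(_new, type(uint256).max);
    }

    // Invariant a unit test can assert after a swap:
    // 0 for every address that is no longer the active yield source.
    function allowanceOf(address spender) external view returns (uint256) {
        return token.allowance(address(this), spender);
    }
}
```

After `setYieldSourceNoRevoke(A)` followed by `setYieldSourceNoRevoke(B)`, `allowanceOf(A)` still returns `type(uint256).max`; with `setYieldSource` it returns 0.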