The Sponsored event is declared but never emitted because there is no sponsor function. Missing emit sometimes indicates missing logic which is required. Add logic or remove event declaration.
AToken, Idle and Yearn yield sources have a sponsor function which allows someone to deposit into the yield source without receiving any shares. This is perhaps intended for MStable as well.
PierrickGT
commented
3 years ago
Handle
0xRajeev
Vulnerability details
Impact
The Sponsored event is declared but never emitted because there is no sponsor function. Missing emit sometimes indicates missing logic which is required. Add logic or remove event declaration.
AToken, Idle and Yearn yield sources have a sponsor function which allows someone to deposit into the yield source without receiving any shares. This is perhaps intended for MStable as well.
Proof of Concept
https://github.com/pooltogether/pooltogether-mstable/blob/0bcbd363936fadf5830e9c48392415695896ddb5/contracts/yield-source/MStableYieldSource.sol#L24-L27
Idle example: https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/yield-source/IdleYieldSource.sol#L147-L153
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add logic and emit, or remove event declaration.