Closed code423n4 closed 3 years ago
cmichel
The SwappableYieldSource contract could cache the deposit token in a storage variable once in initialize and when the yield source changes, instead of always doing an external call to get it IERC20Upgradeable(yieldSource.depositToken()):
SwappableYieldSource
initialize
IERC20Upgradeable(yieldSource.depositToken())
supplyTokenTo
redeemToken
_setYieldSource
Duplicate of https://github.com/code-423n4/2021-07-pooltogether-findings/issues/26
PierrickGT
commented
3 years ago
Handle
cmichel
Vulnerability details
The
SwappableYieldSourcecontract could cache the deposit token in a storage variable once ininitializeand when the yield source changes, instead of always doing an external call to get itIERC20Upgradeable(yieldSource.depositToken()):supplyTokenToredeemToken_setYieldSource