The following are assumed to be the case when YieldManagerAave is deployed:
The lendingPool's aToken address is equal to the constructor input argument _aToken
aToken's underlying UNDERLYING_ASSET_ADDRESS is equal to the input _paymentToken
Similarly, it is also assumed that the _yieldManager's paymentToken is equal to the input _paymentToken in LongShort#createNewSyntheticMarket()
If any of the assumptions above does not hold, attempts to initialize the market should fail.
Nevertheless, potential mistakes can be avoided by spending a bit of gas to perform verification of some (or all) of the assumptions made above.
Recommended Mitigation Steps
In YieldManagerAave, consider deriving the aToken address from _lendingPool, and paymentToken from the derived aToken.
Include paymentToken() in IYieldManager.sol which returns the address of the payment token. Then a simple verification can be done in createNewSyntheticMarket(): require(_paymentToken == IYieldManager(_yieldManager).paymentToken(), 'different payment tokens');
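The two token checks recommended above, as an added example that is not the project's own code. The contract names YieldManagerSketch and LongShortSketch, the interface names, the storage layout, the pragma and the reduced function signature are assumptions; only UNDERLYING_ASSET_ADDRESS, paymentToken() and the require statement come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // compiler version is an assumption

// Minimal interfaces declared for this example (not the project's files).
interface IATokenLike {
    // Getter named in the report.
    function UNDERLYING_ASSET_ADDRESS() external view returns (address);
}

interface IYieldManagerWithToken {
    // Getter the report proposes adding to IYieldManager.sol.
    function paymentToken() external view returns (address);
}

// Hypothetical, reduced yield manager: only the token wiring is shown.
contract YieldManagerSketch is IYieldManagerWithToken {
    address public immutable aToken;
    address public immutable override paymentToken;

    constructor(address _aToken) {
        require(_aToken != address(0), "aToken is zero address");
        // Derive the payment token from the aToken instead of trusting a
        // second constructor argument that could disagree with it.
        address underlying = IATokenLike(_aToken).UNDERLYING_ASSET_ADDRESS();
        require(underlying != address(0), "underlying is zero address");
        aToken = _aToken;
        paymentToken = underlying;
    }
}

// Hypothetical, reduced market factory: access control and the remaining
// market parameters of the real function are omitted.
contract LongShortSketch {
    uint32 public latestMarket;
    mapping(uint32 => address) public paymentTokens;
    mapping(uint32 => address) public yieldManagers;

    function createNewSyntheticMarket(address _paymentToken, address _yieldManager) external {
        // Reject a yield manager that was deployed for a different token.
        require(
            _paymentToken == IYieldManagerWithToken(_yieldManager).paymentToken(),
            "different payment tokens"
        );
        latestMarket++;
        paymentTokens[latestMarket] = _paymentToken;
        yieldManagers[latestMarket] = _yieldManager;
    }
}
```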
Handle
hickuphh3