code-423n4 / 2021-08-floatcapital-findings

0 stars 0 forks source link

LongShort.sol & YieldManagerAave.sol: Verify / derive input arguments #56

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

hickuphh3

Vulnerability details

Impact

The following are assumed to be the case when YieldManagerAave is deployed:

The lendingPool's aToken address is equal to the constructor input argument _aToken
aToken's underlying UNDERLYING_ASSET_ADDRESS is equal to the input _paymentToken

Similarly, it is also assumed that the _yieldManager's paymentToken is equal to the input _paymentToken in LongShort#createNewSyntheticMarket()

In the scenario any of the assumptions above do not hold true, attempts to initialize the market should fail.

Nevertheless, potential mistakes can be avoided by spending a bit of gas to perform verification of some (or all) of the assumptions made above.

Recommended Mitigation Steps

In YieldMangerAave, consider deriving the aToken address from _lendingPool, and paymentToken from the derived aToken.
Include paymentToken() in IYieldManager.sol which returns the address of the payment token. Then a simple verification can be done in createNewSyntheticMarket(): require(_paymentToken == IYieldManager(_yieldManager).paymentToken(), 'different payment tokens');

DenhamPreen commented 3 years ago

Non-critical but valuable feedback 🙌