Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/yVault/Controller.sol#L82
While updating the strategy, it was observed that old strategy approval was not set to false
Set approvedStrategies[_token][_current]=false
That is intended as strategies in the approvedStrategies mapping can be interchanged if needed.
approvedStrategies
Out of scope and easily fixable. Invalid.
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/yVault/Controller.sol#L82
Vulnerability details
Impact
While updating the strategy, it was observed that old strategy approval was not set to false
Proof of Concept
Recommended Mitigation Steps
Set approvedStrategies[_token][_current]=false