code-423n4 / 2022-05-sturdy-findings

QA Report #146

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

L-01: _depositYield() doesn’t use SafeERC20 for approvals

L-02: Use safeIncreaseAllowance() instead of safeApprove()

L-03: Verify curveLPToken matches with Convex booster’s convexPoolId

L-04: ConvexCurveLPVault: Ensure 0 msg.value in _depositToYieldPool()

L-05: LidoVault: Restrict ETH sender to WETH contract

NC-01: Spelling errors

HickupHH3 commented 2 years ago

Context: I was away on holiday when I did this contest and lacked the time to do a proper write-up. Thanks to Dravee for helping me submit hehe

low: L01, L02, L03

L-04 would have been bumped up to a med severity duplicate of #62, but the description is a little too vague to do so. Hence, I will invalidate it.

nc: NC01