code-423n4 / 2022-05-velodrome-findings


Unauthorized notifyRewardAmount #204

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-velodrome/blob/main/contracts/contracts/Bribe.sol#L41
https://github.com/code-423n4/2022-05-velodrome/blob/main/contracts/contracts/Gauge.sol#L590

Vulnerability details

Impact

Anyone can trick the Bribe and Gauge contracts by calling notifyRewardAmount with arbitrary tokens until MAX_REWARD_TOKENS is reached. Later, the team can replace these fake tokens by calling swapOutRewardToken. Still, a malicious actor can force the system to always have MAX_REWARD_TOKENS rewards, thus wasting gas on every delivery and requiring extra team effort and coordination.

Recommended Mitigation Steps

Consider allowing only a whitelisted set of addresses to access the notifyRewardAmount function.
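The mitigation above, written out as an added, simplified Solidity example. This is not Velodrome's Bribe or Gauge code; the contract name `RewardDistributor`, the `isNotifier` and `isWhitelistedToken` allowlists, the `MAX_REWARD_TOKENS` value and the reward-accounting that is omitted are all assumptions made for illustration. It shows an access-controlled `notifyRewardAmount` that only allowlisted callers (and only allowlisted tokens) can use, so the reward list cannot be filled to `MAX_REWARD_TOKENS` by an arbitrary caller, while the owner keeps a `swapOutRewardToken` escape hatch for any slot that does end up stale.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Minimal ERC20 surface; only transferFrom is needed here.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// @notice Hypothetical, simplified reward distributor illustrating the finding.
/// Not Velodrome's code; reward-rate bookkeeping is deliberately omitted.
contract RewardDistributor {
    uint256 public constant MAX_REWARD_TOKENS = 16; // constructed limit for the example

    address public immutable owner;
    address[] public rewards;                 // ordered reward-token slots
    mapping(address => bool) public isReward; // token currently occupies a slot

    // Allowlists controlled by the owner (the "whitelisted set of addresses" from the finding).
    mapping(address => bool) public isNotifier;
    mapping(address => bool) public isWhitelistedToken;

    event RewardNotified(address indexed notifier, address indexed token, uint256 amount);
    event RewardTokenSwapped(uint256 indexed slot, address oldToken, address newToken);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier onlyNotifier() {
        require(isNotifier[msg.sender], "not an allowed notifier");
        _;
    }

    constructor() {
        owner = msg.sender;
        isNotifier[msg.sender] = true; // deployer may notify by default
    }

    function setNotifier(address who, bool allowed) external onlyOwner {
        isNotifier[who] = allowed;
    }

    function setWhitelistedToken(address token, bool allowed) external onlyOwner {
        isWhitelistedToken[token] = allowed;
    }

    /// Before the fix this function had no modifier, so any address could push
    /// an arbitrary token into `rewards` until MAX_REWARD_TOKENS was hit.
    /// After the fix only allowlisted notifiers, with allowlisted tokens, may call it.
    function notifyRewardAmount(address token, uint256 amount) external onlyNotifier {
        require(amount > 0, "zero amount");
        require(isWhitelistedToken[token], "token not whitelisted");

        if (!isReward[token]) {
            require(rewards.length < MAX_REWARD_TOKENS, "too many reward tokens");
            isReward[token] = true;
            rewards.push(token);
        }

        require(
            IERC20(token).transferFrom(msg.sender, address(this), amount),
            "transfer failed"
        );
        emit RewardNotified(msg.sender, token, amount);
        // Reward-rate / period accounting would follow here.
    }

    /// Owner-only recovery path for a slot that should no longer be occupied,
    /// mirroring the swapOutRewardToken idea referenced in the finding.
    function swapOutRewardToken(uint256 slot, address oldToken, address newToken) external onlyOwner {
        require(slot < rewards.length, "bad slot");
        require(rewards[slot] == oldToken, "slot mismatch");
        require(!isReward[newToken], "new token already listed");

        isReward[oldToken] = false;
        isReward[newToken] = true;
        rewards[slot] = newToken;
        emit RewardTokenSwapped(slot, oldToken, newToken);
    }

    function rewardsListLength() external view returns (uint256) {
        return rewards.length;
    }
}
```

The two allowlists are separate on purpose: gating the caller stops an unprivileged actor from filling the list at all, and gating the token additionally stops an allowed notifier from accidentally listing a junk token. The slot check in `swapOutRewardToken` (`rewards[slot] == oldToken`) guards against the owner clobbering the wrong slot if the list changed between reading it and sending the transaction.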

pooltypes commented 2 years ago

Duplicate of #182

GalloDaSballo commented 2 years ago

Dup of #182