code-423n4 / 2023-08-pooltogether-mitigation-findings

0 stars 0 forks source link

H-04 MitigationConfirmed #30

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Issue mitigated

About the problem

Previously, anyone could call mintYieldFee function and provide _recipient param. This will make contract mint fee shares to the provided recipient.

Solution

Now, mintYieldFee function mint shares to the _yieldFeeRecipient only, so it's not possible to steal shares.

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory

c4-judge commented 1 year ago

Picodes marked the issue as confirmed for report