search

code-423n4 / 2023-08-pooltogether-mitigation-findings

0 stars 0 forks source link

H-04 MitigationConfirmed #5

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

Comments

The Vault has a mintYieldFee method that is supposed to mint vault shares to the yield fee recipient (that is set by the vault owner). However the previous implementation allowed the caller to specify an arbitrary recipient address and didn’t perform any access control which meant that anyone could steal the yield fees from the vault.

Mitigation

The new implementation has removed the recipient argument from the mintYieldFee method and now always mints the yield fee to the _yieldFeeRecipient address. Since this address can only be set in the constructor or updated by the owner of the vault, the minting of yield fees are now safe from theft. The original issues is resolved.

Conclusion

LGTM

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory