Open c4-submissions opened 11 months ago
Link to Issue: https://github.com/code-423n4/2023-09-asymmetry-findings/issues/34
The price() function present in the VotiumStrategy contract now takes a _validate parameter that is forwarded to the ethPerCvx() function, instead of hardcoding a false value.
price()
_validate
ethPerCvx()
false
31: function price(bool _validate) external view override returns (uint256) { 32: return (cvxPerVotium() * ethPerCvx(_validate)) / 1e18; 33: }
Invocations of this function from the AfEth contract correctly send a true argument to enable the Chainlink response validation.
true
0xleastwood marked the issue as satisfactory
0xleastwood marked the issue as confirmed for report
0xleastwood marked the issue as not confirmed for report
Lines of code
Vulnerability details
Mitigation of H-03: Issue mitigated
Link to Issue: https://github.com/code-423n4/2023-09-asymmetry-findings/issues/34
Comments
The
price()
function present in the VotiumStrategy contract now takes a_validate
parameter that is forwarded to theethPerCvx()
function, instead of hardcoding afalse
value.Invocations of this function from the AfEth contract correctly send a
true
argument to enable the Chainlink response validation.