search

coordinape / coordinape-protocol

🏆 Coordinape contracts
MIT License
32 stars 12 forks source link

Issue with token check in `uploadEpochRoot` #28

Open levity opened 2 years ago

levity commented 2 years ago

Concerning this line: https://github.com/coordinape/coordinape-protocol/blob/62df1c61c97e6c74437838fdda8059b27f171511/contracts/ApeProtocol/ApeDistributor.sol#L62

There are two issues:

  1. This checks the _token argument against ApeVault.vault, which is the address of the underlying Yearn vault. Perhaps it should be one of the following instead:
// BaseWrapperImplementation.token
require(address(ApeVaultWrapperImplementation(_vault).token()) == _token, "Vault cannot supply token"); 

// VaultAPI.token 
require(address(ApeVaultWrapperImplementation(_vault).vault().token()) == _token, "Vault cannot supply token");
  1. This check prevents using uploadEpochRoot for the vault's simpleToken. so we'd need to do something like this:
require(
  address(ApeVaultWrapperImplementation(_vault).token()) == _token ||
  address(ApeVaultWrapperImplementation(_vault).simpleToken()) == _token, 
  "Vault cannot supply token"
);
levity commented 2 years ago

thx @teeolendo for finding this