Closed sherlock-admin3 closed 4 months ago
bareli
medium
we are not removing and giving allowance in setRewardPool.we are changing the rewardPool in the setRewardPool.we are not removing the allowance of the old pool.
function setRewardPool(address _rewardPool) external onlyOwner { rewardPool = _rewardPool; emit SetRewardPool(_rewardPool); }
By changing the reward pool there should be a change in allowance.
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L776
Manual Review
function setRewardPool(address _rewardPool) external override onlyOwner { _removeAllowances(); rewardPool = _rewardPool; _giveAllowances(); emit SetRewardPool(_rewardPool); }
Duplicate of #3
bareli
medium
wrong allowance of setRewardPool
Summary
we are not removing and giving allowance in setRewardPool.we are changing the rewardPool in the setRewardPool.we are not removing the allowance of the old pool.
Vulnerability Detail
function setRewardPool(address _rewardPool) external onlyOwner { rewardPool = _rewardPool; emit SetRewardPool(_rewardPool); }
Impact
By changing the reward pool there should be a change in allowance.
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L776
Tool used
Manual Review
Recommendation
function setRewardPool(address _rewardPool) external override onlyOwner { _removeAllowances(); rewardPool = _rewardPool; _giveAllowances(); emit SetRewardPool(_rewardPool); }
Duplicate of #3