You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Agree with sponsor on severity. Warden has not shown how this could cause problems as currently written. It should be fixed for consistency and style sake.
Handle
jvaqa
Vulnerability details
Impact
PrizePool.beforeTokenTransfer() incorrectly uses msg.sender in seven places instead of _msgSender(). [1]
Nearly all of PrizePool.sol opts to use _msgSender() to provide for more optionality.
It appears that PrizePool.beforeTokenTransfer() may have been copy/pasted into PrizePool.sol without adjusting msg.sender to use _msgSender().
Recommended Mitigation Steps
Replace the seven instances of msg.sender in PrizePool.beforeTokenTransfer() with _msgSender()
[1] https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/PrizePool.sol#L418
The text was updated successfully, but these errors were encountered: