Handle
gpersoon
Vulnerability details
Impact
The functions supplyTokenTo and redeemToken have an extra security measure of nonReentrant in 3 of the 5 yield source contracts:
ATokenYieldSource.sol, IdleYieldSource.sol, YearnV2YieldSource.sol
However, in the following 2 yield source contracts it's not present:
BadgerYieldSource.sol, SushiYieldSource.sol
Although I don't see any immediate issue, it can't hurt to add nonReentrant to prevent potential reentrancy problems.
Proof of Concept
.\contracts\yield-source\ATokenYieldSource.sol: function supplyTokenTo(uint256 mintAmount, address to) external override nonReentrant {
.\contracts\yield-source\IdleYieldSource.sol: function supplyTokenTo(uint256 mintAmount, address to) external nonReentrant override {
.\contracts\yield-source\YearnV2YieldSource.sol: function supplyTokenTo(uint256 _amount, address to) external override c{
.\contracts\yield-source\BadgerYieldSource.sol: function supplyTokenTo(uint256 amount, address to) public override {
.\contracts\yield-source\SushiYieldSource.sol: function supplyTokenTo(uint256 amount, address to) public override {
.\contracts\yield-source\ATokenYieldSource.sol: function redeemToken(uint256 redeemAmount) external override nonReentrant returns (uint256) {
.\contracts\yield-source\IdleYieldSource.sol: function redeemToken(uint256 redeemAmount) external override nonReentrant returns (uint256 redeemedUnderlyingAsset) {
.\contracts\yield-source\YearnV2YieldSource.sol: function redeemToken(uint256 amount) external override nonReentrant returns (uint256) {
.\contracts\yield-source\BadgerYieldSource.sol: function redeemToken(uint256 amount) public override returns (uint256) {
.\contracts\yield-source\SushiYieldSource.sol: function redeemToken(uint256 amount) public override returns (uint256) {
Tools Used
grep
Recommended Mitigation Steps
Add nonReentrant to the functions supplyTokenTo and redeemToken of BadgerYieldSource.sol and SushiYieldSource.sol
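An added example, not part of the original report or the project's code: the grep check above written as a Python script that reads each function header through to its opening brace, so signatures wrapped over several lines and modifiers that only appear inside comments are handled. The names `missing_guard` and `GUARDED` and the sample sources are assumptions constructed for illustration.

```python
import re

# Functions the finding says should carry the guard.
GUARDED = ("supplyTokenTo", "redeemToken")

# Match a function header up to its opening brace, so signatures wrapped over
# several lines are seen whole. Bodiless interface declarations (ending in ';')
# never reach a '{' and are skipped.
HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

def strip_comments(src):
    """Drop /* */ and // comments so a commented-out modifier is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def missing_guard(sources, modifier="nonReentrant"):
    """Return sorted (file, function) pairs whose header lacks `modifier`."""
    findings = []
    for name, src in sources.items():
        for m in HEADER.finditer(strip_comments(src)):
            func, tail = m.group(1), m.group(3)
            if func in GUARDED and not re.search(rf"\b{modifier}\b", tail):
                findings.append((name, func))
    return sorted(findings)

# Constructed sample input: headers modelled on the signatures quoted in the
# report, with empty bodies. These are not the real contract sources.
SAMPLE = {
    "ATokenYieldSource.sol": """
        function supplyTokenTo(uint256 mintAmount, address to) external override nonReentrant {}
        function redeemToken(uint256 redeemAmount) external override nonReentrant returns (uint256) {}
    """,
    "IdleYieldSource.sol": """
        function supplyTokenTo(uint256 mintAmount, address to)
            external
            nonReentrant
            override
        {}
    """,
    "SushiYieldSource.sol": """
        function supplyTokenTo(uint256 amount, address to) public override {}
        function redeemToken(uint256 amount) public override /* nonReentrant */ returns (uint256) {}
    """,
}

if __name__ == "__main__":
    for path, func in missing_guard(SAMPLE):
        print(f"{path}: {func} has no nonReentrant modifier")
```

To run it over a checkout, build the `sources` dictionary from the `.sol` files under the yield-source directory and pass it to `missing_guard`.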