You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The function sponsor is implemented in 3 of the 5 yield sources (ATokenYieldSource.sol, IdleYieldSource.sol, YearnV2YieldSource.sol)
However 2 of the 5 yield sources don't have the function sponsor ( BadgerYieldSource.sol and SushiYieldSource.sol)
Handle
gpersoon
Vulnerability details
Impact
The function sponsor is implemented in 3 of the 5 yield sources (ATokenYieldSource.sol, IdleYieldSource.sol, YearnV2YieldSource.sol)
However 2 of the 5 yield sources don't have the function sponsor ( BadgerYieldSource.sol and SushiYieldSource.sol)
Note it isn't part of the official spec: https://github.com/pooltogether/yield-source-interface/blob/main/contracts/IYieldSource.sol
It isn't consistent that not all sources have the same function.
Proof of Concept
.\contracts\yield-source\ATokenYieldSource.sol: function sponsor(uint256 amount) external override {
.\contracts\yield-source\IdleYieldSource.sol: function sponsor(uint256 amount) external override {
.\contracts\yield-source\YearnV2YieldSource.sol: function sponsor(uint256 amount) external nonReentrant {
Tools Used
Consider adding the function sponsor to BadgerYieldSource.sol and SushiYieldSource.sol.
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: