Handle
gpersoon
Vulnerability details
Impact
Most of the contracts set variables in the initialize function that are never changed. See the examples in the "Proof of Concept" section.
Here the Solidity keyword "immutable" could be added to the variables as an extra security measure.
Proof of Concept
ControlledToken.sol: TokenControllerInterface public override controller;
StakePricePools.sol: IERC20Upgradeable private stakeToken;
YieldSourcePrizePool.sol: IYieldSource public yieldSource;
PrizePool.sol: RegistryInterface public reserveRegistry;
PrizePool.sol: uint256 public maxExitFeeMantissa;
PrizePool.sol: uint256 public maxTimelockDuration;
BadgerYieldSource.sol: IBadgerSett private immutable badgerSett;
BadgerYieldSource.sol: IBadger private immutable badger;
YearnV2YieldSource.sol: IYVaultV2 public vault;
YearnV2YieldSource.sol: IERC20Upgradeable internal token;
IdleYieldSource.sol: address public idleToken;
IdleYieldSource.sol: address public underlyingAsset;
ATokenYieldSource.sol: ATokenInterface public aToken;
ATokenYieldSource.sol: ILendingPoolAddressesProviderRegistry public lendingPoolAddressesProviderRegistry;
SushiYieldSource.sol: ISushiBar public immutable sushiBar;
SushiYieldSource.sol: ISushi public immutable sushiAddr;
Tools Used
Recommended Mitigation Steps
Add immutable where possible
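An added example, not code from the audited contracts: the same state variable declared first as a storage variable set in an initializer and then as `immutable`. The names `IExampleVault`, `InitializedSource` and `ImmutableSource` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical interface, constructed for this illustration.
interface IExampleVault {
    function deposit(uint256 amount) external;
}

// Before: the address is fixed once in initialize(), but it lives in a
// storage slot. Nothing in the language stops a later function (or an
// upgraded implementation) from writing that slot again.
contract InitializedSource {
    IExampleVault public vault;
    bool private initialized;

    function initialize(IExampleVault _vault) external {
        require(!initialized, "already initialized");
        require(address(_vault) != address(0), "vault is zero");
        initialized = true;
        vault = _vault;
    }
}

// After: the value is written into the runtime bytecode at deployment.
// The compiler rejects any assignment outside the constructor, and reads
// no longer cost a storage load.
contract ImmutableSource {
    IExampleVault public immutable vault;

    constructor(IExampleVault _vault) {
        require(address(_vault) != address(0), "vault is zero");
        vault = _vault;
    }

    // Uncommenting this function is a compile error, because an immutable
    // can only be assigned in the constructor or at its declaration:
    // function setVault(IExampleVault _vault) external { vault = _vault; }
}
```

Because an immutable is part of the deployed code rather than storage, a contract reached through a proxy or minimal-proxy clone reads the implementation's value, so every proxy of that implementation shares it. A variable that must differ per proxy instance has to stay in storage and be set in the initializer.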