Platform: Code4rena
Start Date: 07/07/2023
Pot Size: $121,650 USDC
Total HM: 36
Participants: 111
Period: 7 days
Judge: Picodes
Total Solo HM: 13
Id: 258
League: ETH
Rank: 106/111
Findings: 1
Award: $2.25
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Udsen
Also found by: 0xMirce, 0xPsuedoPandit, 0xStalin, 0xbepresent, Aymen0909, Bobface, Co0nan, GREY-HAWK-REACH, Jeiwan, John, KupiaSec, LuchoLeonel1, Nyx, Praise, RedTiger, alexweb3, bin2chen, btk, dacian, dirk_y, josephdara, keccak123, ktg, mahdirostami, markus_ether, minhtrng, ni8mare, peanuts, ptsanev, ravikiranweb3, rvierdiiev, seeques, serial-coder, shaka, teawaterwire, wangxx2026, zzzitron
2.2492 USDC - $2.25
all _yieldFeeTotalSupply from vault
In
function mintYieldFee(uint256 _shares, address _recipient) external { _requireVaultCollateralized(); if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply); _yieldFeeTotalSupply -= _shares; _mint(_recipient, _shares); emit MintYieldFee(msg.sender, _recipient, _shares); }
anyone call this function and get all _yieldFeeTotalSupply
manual
remove address _recipient and mint for _yieldFeeRecipient
- function mintYieldFee(uint256 _shares, address _recipient) external { + function mintYieldFee(uint256 _shares) external { //@audit high anyone can call use _yieldFeeRecipient for recipent instead _requireVaultCollateralized(); if (_shares > _yieldFeeTotalSupply) revert YieldFeeGTAvailable(_shares, _yieldFeeTotalSupply); _yieldFeeTotalSupply -= _shares; - _mint(_recipient, _shares); + _mint(_yieldFeeRecipient, _shares);
Access Control
#0 - c4-judge
2023-07-14T22:23:56Z
Picodes marked the issue as duplicate of #396
#1 - c4-judge
2023-08-05T22:03:38Z
Picodes marked the issue as satisfactory