Yieldy contest - ych18's results

A protocol for gaining single side yields on various tokens.

General Information

Platform: Code4rena

Start Date: 21/06/2022

Pot Size: $50,000 USDC

Total HM: 31

Participants: 99

Period: 5 days

Judges: moose-code, JasoonS, denhampreen

Total Solo HM: 17

Id: 139

League: ETH

Yieldy

Findings Distribution

Researcher Performance

Rank: 71/99

Findings: 1

Award: $72.44

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest Page Github Contest Repository Github Findings Repository Yieldy

Findings Information

🌟 Selected for report: 0xDjango

Also found by: BowTiedWardens, Metatron, cccz, hansfriese, shung, ych18, zzzitron

Labels

bug

duplicate

2 (Med Risk)

Awards

72.4441 USDC - $72.44

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/Staking.sol#L157

Vulnerability details

Description

If the owner sets a new CURVE_POOL, this latter cannot be used entirely and some transactions could be reverted ( e.g a call to the instantUnstakeCurve() function ) because the function setCurvePool() doesn't give the allowance to the new CURVE_POOL

Recommendation

add IERC20(TOKE_POOL).approve(CURVE_POOL, type(uint256).max); to setCurvePool() function.

#0 - toshiSat
2022-06-27T22:57:34Z

#165

Yieldy contest - ych18's results

A protocol for gaining single side yields on various tokens.

General Information

Findings Distribution

Researcher Performance

External Links

[M-10] No allowance given to the new `CURVE_POOL` - $72.44

Findings Information

Labels

Awards

External Links

Lines of code

Vulnerability details

Description

Recommendation

#0 - toshiSat2022-06-27T22:57:34Z

#0 - toshiSat
2022-06-27T22:57:34Z