Vulnerability details

The function _setApprovals() of ConvexStrategy.sol includes _router as a parameter, whereas MIMConvexStrategy.sol doesn't.
MIMConvexStrategy relies on the router address being set by the constructor of BaseStrategy.sol.
This only works if router is not immutable.
Luckily it isn't immutable now, but this might change in forks of the code.
Although this problem is fixed in Solidity 0.8.9, it is still safer to add _router as a parameter in _setApprovals.

metavault/contracts/v3/strategies/ConvexStrategy.sol, lines 65 to 75 in f91bee5
metavault/contracts/v3/strategies/MIMConvexStrategy.sol, lines 82 to 90 in 6c3eac8

Recommended mitigation steps

Change _setApprovals() of MIMConvexStrategy.sol to:

```solidity
function _setApprovals(
    ...
    address _router,
    ...
) internal {
    ...
    IERC20(_crv).safeApprove(address(_router), type(uint256).max); // make sure to use _router
    IERC20(_cvx).safeApprove(address(_router), type(uint256).max); // make sure to use _router
}
```
The thing that got fixed in Solidity 0.8.9 is that you can access immutable variables in the constructor.
In previous versions of Solidity you could not assign a value to an immutable variable and then access this variable.
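As an added illustration of the issue and of the comment above (this is not code from the yAxis metavault repository or from either commenter), the pair below reduces the finding to its core: a base contract whose router is declared immutable, a fragile strategy whose _setApprovals reads router from inside construction, and the recommended form that forwards _router explicitly. The minimal IERC20 interface, the contract names and the use of plain approve instead of SafeERC20's safeApprove are assumptions made to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed stand-in for the token interface; the real code uses SafeERC20.safeApprove.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Assumed reduction of BaseStrategy: a fork may well declare router immutable.
abstract contract BaseStrategy {
    address public immutable router;

    constructor(address _router) {
        router = _router;
    }
}

// Fragile pattern: _setApprovals reads the `router` state variable while the
// contract is still being constructed. With `router` immutable, older compilers
// reject this ("Immutable variables cannot be read during contract creation time"),
// so a fork that adds `immutable` breaks at compile time.
contract FragileStrategy is BaseStrategy {
    constructor(address _router, address _crv, address _cvx) BaseStrategy(_router) {
        _setApprovals(_crv, _cvx);
    }

    function _setApprovals(address _crv, address _cvx) internal {
        IERC20(_crv).approve(router, type(uint256).max);
        IERC20(_cvx).approve(router, type(uint256).max);
    }
}

// Recommended pattern: the constructor forwards its own argument, so the helper
// never reads `router` during construction and it no longer matters whether the
// variable is immutable or which compiler version a fork pins.
contract RobustStrategy is BaseStrategy {
    constructor(address _router, address _crv, address _cvx) BaseStrategy(_router) {
        _setApprovals(_router, _crv, _cvx);
    }

    function _setApprovals(address _router, address _crv, address _cvx) internal {
        IERC20(_crv).approve(_router, type(uint256).max);
        IERC20(_cvx).approve(_router, type(uint256).max);
    }
}
```

Compiling FragileStrategy with a compiler that predates the change discussed above reproduces the failure, while RobustStrategy compiles on any 0.8.x release.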