From a65c64ac6acf4cef72d81328093409c570b539f8 Mon Sep 17 00:00:00 2001
From: Brendan Asselstine <mail.asselstine@gmail.com>
Date: Mon, 30 Nov 2020 14:46:22 -0800
Subject: [PATCH] OZ Audit Issue N01: Update yVaultInterface#token() to return
 IERC20 interface (#206)

* Fixed underflow in captureAwardBalance

* Fixes OZ Audit 2 issues M01 and L02

* Update yVaultInterface#token() to return IERC20 interface
---
 contracts/external/yearn/yVaultInterface.sol   | 2 +-
 contracts/prize-pool/yearn/yVaultPrizePool.sol | 2 +-
 contracts/test/yVaultMock.sol                  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/contracts/external/yearn/yVaultInterface.sol b/contracts/external/yearn/yVaultInterface.sol
index da7d66d0..027e3640 100644
--- a/contracts/external/yearn/yVaultInterface.sol
+++ b/contracts/external/yearn/yVaultInterface.sol
@@ -3,7 +3,7 @@ pragma solidity >=0.6.0 <0.7.0;
 import "@openzeppelin/contracts-ethereum-package/contracts/token/ERC20/IERC20.sol";
 
 interface yVaultInterface is IERC20 {
-    function token() external view returns (address);
+    function token() external view returns (IERC20);
 
     function balance() external view returns (uint);
     
diff --git a/contracts/prize-pool/yearn/yVaultPrizePool.sol b/contracts/prize-pool/yearn/yVaultPrizePool.sol
index 1f45095a..e1d18f16 100644
--- a/contracts/prize-pool/yearn/yVaultPrizePool.sol
+++ b/contracts/prize-pool/yearn/yVaultPrizePool.sol
@@ -95,7 +95,7 @@ contract yVaultPrizePool is PrizePool {
   /// @param _externalToken The address of the token to check
   /// @return True if the token may be awarded, false otherwise
   function _canAwardExternal(address _externalToken) internal override view returns (bool) {
-    return _externalToken != address(vault) && _externalToken != vault.token();
+    return _externalToken != address(vault) && _externalToken != address(vault.token());
   }
 
   /// @dev Allows a user to redeem yield-bearing tokens in exchange for the underlying
diff --git a/contracts/test/yVaultMock.sol b/contracts/test/yVaultMock.sol
index d631047a..576bb996 100644
--- a/contracts/test/yVaultMock.sol
+++ b/contracts/test/yVaultMock.sol
@@ -15,8 +15,8 @@ contract yVaultMock is yVaultInterface, ERC20UpgradeSafe {
     vaultFeeMantissa = 0.05 ether;
   }
 
-  function token() external override view returns (address) {
-    return address(asset);
+  function token() external override view returns (IERC20) {
+    return asset;
   }
 
   function balance() public override view returns (uint) {