Multiple pause mechanisms #19
Labels
Comments
|
Will not implement |
|
This appears to correspond to local and global pause mechanisms. Not a bug. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
gpersoon
Vulnerability details
Impact
Two different pause mechanisms are used
One with the modifier whenNotPaused from openzeppelin Pausable.sol
And one via the function _whenProtocolNotPaused()
The could lead to confusion, especially because the names are very similar.
Proof of Concept
Loan.sol: function fundLoan(address mintTo, uint256 amt) whenNotPaused external {
LoanFactory.sol: ) external whenNotPaused returns (address) {
PoolFactory.sol: ) public whenNotPaused returns (address) {
StakeLocker.sol: function stake(uint256 amt) whenNotPaused external {
Loan.sol: function _whenProtocolNotPaused() internal {
LoanFactory.sol: function _whenProtocolNotPaused() internal {
Pool.sol: function _whenProtocolNotPaused() internal {
PoolFactory.sol: function _whenProtocolNotPaused() internal {
StakeLocker.sol: function _whenProtocolNotPaused() internal {
Tools Used
grep
Recommended Mitigation Steps
Doublecheck the need for multiple mechanism.
Perhaps change the name of _whenProtocolNotPaused() to be more different from whenNotPaused
The text was updated successfully, but these errors were encountered: