resume() can be called by anyone in IndexTemplate.sol #129
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Handle
p4st13r4
Vulnerability details
Impact
The `resume` function can be called by any user, at any time, even when the Index contract is not locked. There should be a check preventing it from being called unless the contract is locked
Proof of Concept
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/IndexTemplate.sol#L459
Tools Used
Editor
Recommended Mitigation Steps
Add a require on top:
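The missing state check described in this finding, shown as an added illustration that is not taken from the report or from the project's IndexTemplate.sol. The contract name, the owner role, the lock() function, resumeUnchecked() and the error strings are all assumptions made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

/// Hypothetical, simplified stand-in for an index contract.
/// Not the project's code: names and error strings are constructed.
contract IndexLockSketch {
    address public immutable owner; // assumed role allowed to lock the index
    bool public locked;             // true while the index is locked

    event Locked();
    event Resumed();

    constructor() {
        owner = msg.sender;
    }

    function lock() external {
        require(msg.sender == owner, "ONLY_OWNER");
        locked = true;
        emit Locked();
    }

    // Shape of the issue: no precondition on `locked`, so any caller can
    // invoke this at any time and a Resumed event is emitted even though
    // the contract was never locked.
    function resumeUnchecked() external {
        locked = false;
        emit Resumed();
    }

    // Guarded form: the state check comes first, so the call reverts
    // unless the contract is actually locked. The function stays callable
    // by any address; only the state transition is constrained.
    function resume() external {
        require(locked, "NOT_LOCKED");
        locked = false;
        emit Resumed();
    }
}
```

Off-chain monitoring that keys on a Resumed event benefits from the guarded form, because every such event then corresponds to a real locked-to-unlocked transition.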