code-423n4 / 2021-04-maple-findings

Specification/Implementation mismatch on Security Multisig capability #52

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The protocol specification specifies that the Security Multisig controls the pause/unpause functionality of three functions, Loan.fundLoan(), Pool.setLiquidityCap() and StakeLocker.stake(), as indicated here: https://github.com/maple-labs/maple-core/wiki/Security#security-multisig

However, the createPool() function of PoolFactory.sol has a whenNotPaused modifier which is presumably controlled by the same Security Multisig (via Pausable).

This implementation is a specification mismatch and can cause unexpected pause/unpause during operation.

Proof of Concept

https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/PoolFactory.sol#L58-L66

Tools Used

Manual analysis of implementation and specification.

Recommended Mitigation Steps

Fix the implementation or the specification to match each other.
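
Editor's added example (not part of the original report and not maple-core code): one way to keep the documented pause list and the contracts from drifting apart is to collect every function that carries whenNotPaused and diff that set against the list in the spec. The Solidity stubs below are constructed for illustration, and the names guarded_functions and spec_mismatch are hypothetical.

```python
import re

# Functions the wiki lists as pausable by the Security Multisig (from the report above).
SPEC_PAUSABLE = {"Loan.fundLoan", "Pool.setLiquidityCap", "StakeLocker.stake"}

# Constructed, signature-only Solidity stubs for illustration; NOT the maple-core source.
SAMPLE_SOURCE = """
contract Loan {
    function fundLoan(address mintTo, uint256 amt) whenNotPaused external {}
    function makePayment() external {}
}
contract Pool {
    // function deposit(uint256 amt) external whenNotPaused {}
    function setLiquidityCap(uint256 newCap) external whenNotPaused {}
}
contract StakeLocker {
    function stake(uint256 amt) whenNotPaused external {}
}
contract PoolFactory {
    function createPool(address liquidityAsset) public whenNotPaused returns (address) {}
}
"""

# Either a contract declaration, or a function header: name, params, then the
# visibility/modifier/returns text that precedes the body.
TOKEN_RE = re.compile(r"\bcontract\s+(\w+)|\bfunction\s+(\w+)\s*\([^)]*\)([^{;]*)[{;]")

def guarded_functions(source, modifier="whenNotPaused"):
    """Return 'Contract.function' for every function whose header carries `modifier`."""
    source = re.sub(r"/\*.*?\*/|//[^\n]*", "", source, flags=re.S)  # drop comments
    found, contract = set(), None
    for m in TOKEN_RE.finditer(source):
        if m.group(1):
            contract = m.group(1)
        elif re.search(rf"\b{re.escape(modifier)}\b", m.group(3)):
            found.add(f"{contract}.{m.group(2)}")
    return found

def spec_mismatch(spec, implemented):
    """Guarded in code but not in the spec, and listed in the spec but not guarded."""
    return {"undocumented": sorted(implemented - spec),
            "unimplemented": sorted(spec - implemented)}

if __name__ == "__main__":
    print(spec_mismatch(SPEC_PAUSABLE, guarded_functions(SAMPLE_SOURCE)))
```

Run against the constructed stubs, the check reports PoolFactory.createPool as guarded in code but absent from the documented list, which is the mismatch this finding describes.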

lucas-manuel commented 3 years ago

This is not a bug; functionality is exactly as intended. This is a mistake in the wiki, which is outside of the code. Definitely not a high severity bug.

Arachnid commented 3 years ago

I'm rating this as noncritical - but a discrepancy between the specs and the code should absolutely be in scope, as Wardens have no way to assess the authors' intent other than those documents.

deluca-mike commented 3 years ago

Resolved