code-423n4 / 2021-04-maple-findings


Specification/Implementation mismatch on Security Multisig capability #53

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The protocol specification specifies that the Security Multisig controls the pause/unpause functionality of three functions, Loan.fundLoan(), Pool.setLiquidityCap() and StakeLocker.stake(), as indicated here: https://github.com/maple-labs/maple-core/wiki/Security#security-multisig

However, the createLoan() function of LoanFactory.sol has a whenNotPaused modifier, which is presumably controlled by the same Security Multisig (via Pausable).

This implementation is a specification mismatch and can cause unexpected pause/unpause during operation.

Proof of Concept

https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/LoanFactory.sol#L73-L80

Tools Used

Manual analysis of implementation and specification.

Recommended Mitigation Steps

Fix the implementation or the specification to match each other.
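One way to catch this kind of drift automatically, as an added example that is not part of the original report or of maple-core: a script that extracts every function carrying `whenNotPaused` and diffs the result against the documented list. It assumes pause gating is expressed through the `whenNotPaused` modifier; the Solidity snippets are constructed stand-ins, and `setGlobals`, `drawdown` and `oldFund` are hypothetical names.

```python
import re

# Documented pausable functions, as listed in the report above.
SPEC_PAUSABLE = {"Loan.fundLoan", "Pool.setLiquidityCap", "StakeLocker.stake"}

# Constructed sample sources (NOT the real maple-core contracts); only the four
# function names from the report and the whenNotPaused modifier are from the page.
SAMPLE_SOURCES = {
    "LoanFactory": """contract LoanFactory is Pausable {
        function createLoan(address asset) external whenNotPaused returns (address) {
            return address(0);
        }
        function setGlobals(address g) external { }
    }""",
    "Loan": """contract Loan {
        function fundLoan(address dl, uint256 amt) whenNotPaused external { }
        // function oldFund() external whenNotPaused { }
        function drawdown(uint256 amt) external { }
    }""",
    "Pool": """contract Pool {
        function setLiquidityCap(uint256 cap) external whenNotPaused { }
    }""",
    "StakeLocker": """contract StakeLocker {
        function stake(uint256 amt) external whenNotPaused { }
    }""",
}

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# Function name, parameter list, then the header up to the body '{' or ';'.
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")

def pausable_functions(sources):
    """Return {'Contract.function'} for every function carrying whenNotPaused."""
    found = set()
    for contract, src in sources.items():
        for name, _params, header in FUNC.findall(COMMENTS.sub("", src)):
            if re.search(r"\bwhenNotPaused\b", header):
                found.add(f"{contract}.{name}")
    return found

def spec_drift(spec, sources):
    """Compare documented pause coverage with what the code enforces."""
    impl = pausable_functions(sources)
    return {"undocumented": sorted(impl - spec), "unenforced": sorted(spec - impl)}

if __name__ == "__main__":
    print(spec_drift(SPEC_PAUSABLE, SAMPLE_SOURCES))
```

Run in CI against the real contract sources, a non-empty `undocumented` or `unenforced` list flags the documentation or the code for update before release.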

lucas-manuel commented 3 years ago

Same as the other ticket, this is not a bug. It is a missing piece of documentation, which will be updated, but has nothing to do with the code.

Arachnid commented 3 years ago

Duplicate of #52

deluca-mike commented 3 years ago

Resolved