Function _isValidGovernorOrAdmin() is not about pause/unpause but about msg.sender being valid Governor or Admin, which is used by pause()/unpause() in PoolFactory.sol.
Therefore, the Natspec comment for this function is incorrect:
@dev Function to determine if msg.sender is eligible to trigger pause/unpause.
lucas-manuel
commented
3 years ago
Handle
0xRajeev
Vulnerability details
Impact
Function _isValidGovernorOrAdmin() is not about pause/unpause but about msg.sender being valid Governor or Admin, which is used by pause()/unpause() in PoolFactory.sol.
Therefore, the Natspec comment for this function is incorrect: @dev Function to determine if msg.sender is eligible to trigger pause/unpause.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/PoolFactory.sol#L145-L150
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change @dev Natspec comment to correctly indicate the functionality of _isValidGovernororAdmin().