Function _isValidGovernor() is not about pause/unpause but about msg.sender being valid Governor, which is used by setAdmin/setGlobals in LoanFactory.sol.
Therefore, the Natspec comment for this function is incorrect:
@dev Function to determine if msg.sender is eligible to trigger pause/unpause.
lucas-manuel
commented
3 years ago
Handle
0xRajeev
Vulnerability details
Impact
Function _isValidGovernor() is not about pause/unpause but about msg.sender being valid Governor, which is used by setAdmin/setGlobals in LoanFactory.sol.
Therefore, the Natspec comment for this function is incorrect: @dev Function to determine if msg.sender is eligible to trigger pause/unpause.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/LoanFactory.sol#L149-L154
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change @dev Natspec comment to correctly indicate the functionality of _isValidGovernor().