0xean
commented
2 years ago A design choice we have decided against for the moment.
Closed code423n4 closed 2 years ago
0xean
commented
2 years ago A design choice we have decided against for the moment.
0xean
commented
2 years ago dupe of #124
Handle
hyh
Vulnerability details
Impact
If there be any emergency with the system contracts, for example a corner case computational bug be found later on, there is no way to temporary stop the operations.
Proof of Concept
Both core contracts do not have pausing functionality for liquidity addition, swaps and new pool creation:
https://github.com/code-423n4/2022-01-elasticswap/blob/main/elasticswap/src/contracts/Exchange.sol
https://github.com/code-423n4/2022-01-elasticswap/blob/main/elasticswap/src/contracts/ExchangeFactory.sol
Recommended Mitigation Steps
Consider making Exchange and ExchangeFactory pausable.
For example, by using OpenZeppelin's approach:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol
At least liquidity addition, swaps and new pool creation endpoints should be stopped if something unexpected happens.