While I appreciate the recommendation, and definitely would consider rolling out the exchange with pausing functionality, this is not a vulnerability, so I am downgrading to non-critical.
Handle
ye0lde
Vulnerability details
Impact
Given the risks to AMMs in general my suggestion is that you should consider making the Exchange contract(s) pausable. That way in case of an unexpected event, the ExchangeFactory contract can pause functions that could cause loss of funds or instability.
Proof of Concept
There is no way to pause an Exchange contract.
Tools Used
Visual Studio Code, Remix
Recommended Mitigation Steps
Consider making Exchange contracts pausable using https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol
A function in ExchangeFactory with similar access control as function setFeeAddress could be used to control pausing. The function would have access to all the Exchange addresses using exchangeAddressByTokenAddress and could pause one or all the Exchanges as necessary.
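A sketch of the recommended mitigation, added here as an example; it is not the project's code or the reporter's. It assumes OpenZeppelin Contracts 4.x (the `security/Pausable.sol` path linked above), that setFeeAddress is owner-only, and that exchangeAddressByTokenAddress is a nested mapping; `setPaused`, `setExchangePaused`, `createExchange` and the `shares` accounting are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Simplified stand-in for Exchange: only the pause plumbing is the point here.
contract Exchange is Pausable {
    address public immutable factory;          // assumption: the factory deploys each Exchange
    mapping(address => uint256) public shares; // hypothetical stand-in for LP accounting

    constructor() {
        factory = msg.sender;
    }

    // Only the factory may toggle the pause state (hypothetical function name).
    function setPaused(bool paused_) external {
        require(msg.sender == factory, "Exchange: ONLY_FACTORY");
        if (paused_) _pause(); else _unpause(); // each reverts if already in that state
    }

    // Entry points that take funds in are blocked while paused.
    function addLiquidity(uint256 amount) external whenNotPaused {
        shares[msg.sender] += amount;
    }

    // Design choice of this sketch: exits stay open so liquidity providers are not locked in.
    function removeLiquidity(uint256 amount) external {
        shares[msg.sender] -= amount; // checked arithmetic reverts on underflow in 0.8.x
    }
}

contract ExchangeFactory is Ownable {
    // Assumed shape: base token => quote token => Exchange address.
    mapping(address => mapping(address => address)) public exchangeAddressByTokenAddress;

    // Hypothetical creation function so the mapping is populated in this sketch.
    function createExchange(address base, address quote) external {
        require(exchangeAddressByTokenAddress[base][quote] == address(0), "ExchangeFactory: EXISTS");
        exchangeAddressByTokenAddress[base][quote] = address(new Exchange());
    }

    // Owner-only, mirroring the access control assumed for setFeeAddress.
    function setExchangePaused(address base, address quote, bool paused_) external onlyOwner {
        address exchange = exchangeAddressByTokenAddress[base][quote];
        require(exchange != address(0), "ExchangeFactory: NO_EXCHANGE");
        Exchange(exchange).setPaused(paused_);
    }
}
```

A Solidity mapping cannot be enumerated, so pausing all Exchanges at once would also require the factory to keep a list of deployed Exchange addresses, or the owner to call `setExchangePaused` once per token pair.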