Open code423n4 opened 2 years ago
WatchPug
Based on the context, the system intends to lock all the lps during PayingOut period.
However, the current implementation allows anyone, including LPs to call resume() and unlock the index pool.
resume()
It allows a malicious LP to escape the responsibility for the compensation, at the expense of other LPs paying more than expected.
https://github.com/code-423n4/2022-01-insure/blob/19d1a7819fe7ce795e6d4814e7ddf8b8e1323df3/contracts/IndexTemplate.sol#L459-L471
function resume() external override { uint256 _poolLength = poolList.length; for (uint256 i = 0; i < _poolLength; i++) { require( IPoolTemplate(poolList[i]).paused() == false, "ERROR: POOL_IS_PAUSED" ); } locked = false; emit Resumed(); }
Change to:
function resume() external override { uint256 _poolLength = poolList.length; for (uint256 i = 0; i < _poolLength; i++) { require( IPoolTemplate(poolList[i]).marketStatus() == MarketStatus.Trading, "ERROR: POOL_IS_PAYINGOUT" ); } locked = false; emit Resumed(); }
Handle
WatchPug
Vulnerability details
Based on the context, the system intends to lock all the lps during PayingOut period.
However, the current implementation allows anyone, including LPs to call
resume()and unlock the index pool.It allows a malicious LP to escape the responsibility for the compensation, at the expense of other LPs paying more than expected.
https://github.com/code-423n4/2022-01-insure/blob/19d1a7819fe7ce795e6d4814e7ddf8b8e1323df3/contracts/IndexTemplate.sol#L459-L471
Recommendation
Change to: