Open code423n4 opened 2 years ago
hyh
Pause/unpause functions descriptions contradict with the implementation, which is misleading and error prone for code usage and further development.
Pause description includes 'A manager can be replaced with the new contract in a paused state':
paused
https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L327
Unpause description includes 'A manager can be replaced with the new contract in an unpaused state':
unpaused
https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L344
In the same time no manager setters require paused or unpaused state:
https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L206-272
Either remove both L327 and L344 or make the link to manager setting more clear / functions' versions not contradicting
0 non critical
Handle
hyh
Vulnerability details
Impact
Pause/unpause functions descriptions contradict with the implementation, which is misleading and error prone for code usage and further development.
Proof of Concept
Pause description includes 'A manager can be replaced with the new contract in a
paused
state':https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L327
Unpause description includes 'A manager can be replaced with the new contract in an
unpaused
state':https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L344
In the same time no manager setters require paused or unpaused state:
https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L206-272
Recommended Mitigation Steps
Either remove both L327 and L344 or make the link to manager setting more clear / functions' versions not contradicting