StableCoin.sol has two functions, pause and unpause, which are intended to be called during an emergency to halt critical functions.
However, pausing the protocol with pause() has no effect on minting: minting is still allowed for MINTER_ROLE while the contract is paused.
The function mint(address to, uint256 amount) is missing the whenNotPaused modifier.
Proof of Concept
Contract: tokens/StableCoin.sol
Function: mint()
Recommended Mitigation Steps
Add the whenNotPaused modifier to the mint function:
function mint(address to, uint256 amount) external whenNotPaused { ...
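The pattern described in this finding next to the mitigated form, as an added example that is not the project's StableCoin.sol. It assumes OpenZeppelin Contracts 4.x import paths; the contract name PausableMintToken, the PAUSER_ROLE constant and the mintUnguarded function are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited contract.
// Assumption: OpenZeppelin Contracts 4.x (Pausable lives under security/).
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

// Hypothetical token used only to show the missing-modifier issue.
contract PausableMintToken is ERC20, AccessControl, Pausable {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    // Assumption: a dedicated role controls pause/unpause.
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    constructor() ERC20("Example", "EXM") {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    // Reported pattern: only the role is checked, so a holder of
    // MINTER_ROLE can keep minting after pause() has been called.
    function mintUnguarded(address to, uint256 amount)
        external
        onlyRole(MINTER_ROLE)
    {
        _mint(to, amount);
    }

    // Mitigated form: whenNotPaused makes the call revert while paused,
    // so pause() actually stops new supply from being created.
    function mint(address to, uint256 amount)
        external
        onlyRole(MINTER_ROLE)
        whenNotPaused
    {
        _mint(to, amount);
    }
}
```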
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/tokens/StableCoin.sol#L38-L44