spaghettieth
commented
2 years ago The pause function is only supposed to block transfers, not minting.
Closed code423n4 closed 2 years ago
spaghettieth
commented
2 years ago The pause function is only supposed to block transfers, not minting.
dmvt
commented
2 years ago Invalid
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/tokens/StableCoin.sol#L38-L44
Vulnerability details
Impact
In StableCoin.sol, we have two functions pause and unpause, which is ideally to be called during any emergency period to control critical functions. However on pause of the protocol using the function pause(), there is no impact, and minting is still allowed for MINTER_ROLE. The function mint(address to, uint256 amount) is missing the modifier whenNotPaused()
Proof of Concept
Contract : tokens/StableCoin.sol Function : mint()
Recommended Mitigation Steps
Add the modifier whenNotPaused() to the mint function