code-423n4 / 2022-05-backd-findings


Staking functions should be disabled if pool “killed” #147

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/AmmGauge.sol#L103

Vulnerability details

Impact

If pool is killed via kill(), the functions to stake and enter the pool should be paused/killed also.

Tools Used

Manual review

Recommended Mitigation Steps

Do not allow users to call stake() and stakeFor() when pool has already been killed.
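An added sketch of the recommended mitigation, not Backd's AmmGauge.sol code: a `notKilled` modifier guards `stake()` and `stakeFor()` so deposits are refused once `kill()` has run. The contract name, `authority`, `balances` and `totalStaked` are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified stand-in for an AMM gauge (hypothetical; NOT the Backd contract).
// Assumed shape: a `killed` flag set by kill(), and per-account stake accounting.
contract GaugeSketch {
    address public immutable authority;   // hypothetical admin allowed to kill
    bool public killed;
    mapping(address => uint256) public balances;
    uint256 public totalStaked;

    event Staked(address indexed account, uint256 amount);

    modifier onlyAuthority() {
        require(msg.sender == authority, "not authorised");
        _;
    }

    // The added guard: staking is refused once the pool is killed.
    modifier notKilled() {
        require(!killed, "gauge killed");
        _;
    }

    constructor() {
        authority = msg.sender;
    }

    function kill() external onlyAuthority {
        killed = true;
    }

    // Without notKilled, these entry points would still accept deposits
    // into a gauge that no longer hands out rewards (the finding above).
    function stake(uint256 amount) external notKilled {
        _stakeFor(msg.sender, amount);
    }

    function stakeFor(address account, uint256 amount) external notKilled {
        _stakeFor(account, amount);
    }

    function _stakeFor(address account, uint256 amount) internal {
        require(amount > 0, "zero amount");
        // Token transfer omitted in this sketch; only the accounting is shown.
        balances[account] += amount;
        totalStaked += amount;
        emit Staked(account, amount);
    }
}
```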

GalloDaSballo commented 2 years ago

I agree with the finding, however I fail to see a vulnerability that entails loss of value or DOS given conditions.

Ultimately killed is more of a givingOutRewards check, and it does its job. It does make sense to prevent deposits after the gauge has been killed, however I fail to see any risk in allowing it in the current system.

The lack of POC also doesn't show any impact

For those reasons I believe QA to be more appropriate