0xean
commented
2 years ago QA, warden doesn't demonstrate an attack vector simply a design choice which may add more granular pausing.
Closed code423n4 closed 2 years ago
0xean
commented
2 years ago QA, warden doesn't demonstrate an attack vector simply a design choice which may add more granular pausing.
0xean
commented
2 years ago dupe of #136 wardens QA
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L263 https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L191
Vulnerability details
Impact
If the escrow account were to be hacked, the system should pause for outboundTransfer, so that no new deposits go to escrow. However, under this circumstance the finalizeInboundTransfer should not be paused, so that users can move their funds away from the escrow.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps
create a separate type of Paused for outboundTransfer and finalizeInboundTransfer