search

code-423n4 / 2022-12-Stealth-Project-findings

0 stars 0 forks source link

There is no option to cancel an `EMERGENCY` mode. #84

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-Stealth-Project/blob/fc8589d7d8c1d8488fd97ccc46e1ff11c8426ac2/maverick-v1/contracts/models/Pool.sol#L339

Vulnerability details

Impact

There is no option to cancel an EMERGENCY mode in the pool.

Once the pool is in an EMERGENCY mode, the pool can't work as normal forever.

Proof of Concept

The pool can be changed to an EMERGENCY mode by adminAction().

    function adminAction(uint256 action, uint16 val, address recipient) external {
        checkReentrancy(true, true);
        // ************************ reentrancy ************************
        require(msg.sender == factory.owner());
        if (action == ACTION_SET_PROTOCOL_FEES) {
            setProtocolFeeRatio(val);
        } else if (action == ACTION_CLAIM_PROTOCOL_FEES_A || action == ACTION_CLAIM_PROTOCOL_FEES_B) {
            claimProtocolFees(recipient, action == ACTION_CLAIM_PROTOCOL_FEES_A);
        } else if (action == ACTION_EMERGENCY_MODE) {
            state.status = EMERGENCY;
            return;
        }

        // ************************ reentrancy ************************
        state.status &= ~LOCKED;
    }

But once the pool is in an EMERGENCY mode, the pool can't be back to normal state forever.

Tools Used

Manual Review

Recommended Mitigation Steps

There should be an option to cancel an EMERGENCY in the contract.

c4-judge commented 1 year ago

kirk-baird marked the issue as duplicate of #11

gte620v commented 1 year ago

This is by design. In Emergency Mode, a user can still remove their deposits.

c4-sponsor commented 1 year ago

gte620v marked the issue as sponsor disputed

c4-judge commented 1 year ago

kirk-baird marked the issue as nullified