code-423n4 / 2022-12-gogopool-findings


FUNCTION `restakeGGP` CAN BE CALLED EVEN WHEN THE CONTRACTS ARE PAUSED #711

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/Staking.sol#L328

Vulnerability details

The restakeGGP() function is essentially performing the same task as the stakeGGP() function.

The stakeGGP() function has a modifier whenNotPaused() which ensures the function is not accessible when the contracts are paused. However, the restakeGGP() function, which also performs the same task, does not implement the whenNotPaused() modifier. Although it has a modifier onlySpecificRegisteredContract() which allows only specific registered contracts to call it, restaking can still be done even when the contracts are paused. This is not advisable at all, as transfer of funds can still take place when the contract is paused.

Recommended Mitigation Steps

Implement the whenNotPaused() modifier on the restakeGGP() function.
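
An added example, not part of the original report or the project's code: a small review aid that lists externally callable, state-changing Solidity functions whose header lacks a pause guard, which is the pattern this finding describes. The `SAMPLE` contract is a constructed, simplified stand-in for the real `Staking.sol` (the `"SomeContract"` argument and the function bodies are assumptions), and the header matching is a regex heuristic rather than a full Solidity parser.

```python
import re

# Constructed sample, NOT the project's Staking.sol: one guarded entry point
# and one unguarded sibling that reaches the same internal logic.
SAMPLE = '''
contract StakingSketch {
    function stakeGGP(uint256 amount) external whenNotPaused {
        _stake(msg.sender, amount);
    }
    function restakeGGP(address stakerAddr, uint256 amount)
        public
        onlySpecificRegisteredContract("SomeContract", msg.sender)
    {
        _stake(stakerAddr, amount);
    }
    function getGGPStake(address stakerAddr) public view returns (uint256) {
        return stakes[stakerAddr];
    }
    function _stake(address stakerAddr, uint256 amount) internal {
        stakes[stakerAddr] += amount;
    }
}
'''

# Function header: from `function name(...)` up to the body `{` or a `;`.
HEADER = re.compile(r'\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]', re.S)

def strip_comments(src):
    """Drop comments so a commented-out guard does not count as present."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def unguarded_functions(src, guard="whenNotPaused"):
    """Names of public/external, non-view/pure functions lacking `guard`."""
    findings = []
    for name, _params, tail in HEADER.findall(strip_comments(src)):
        words = set(re.findall(r'\w+', tail))
        externally_callable = words & {"public", "external"}
        read_only = words & {"view", "pure"}
        if externally_callable and not read_only and guard not in words:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(unguarded_functions(SAMPLE))
```

Each name it reports still needs a manual decision, since some functions are meant to stay callable while the protocol is paused.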

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #351

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #673

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory