The contract TokenggAVAX was implemented as to the ERC-4626 spec, but a few important functions were not overridden, namely maxDeposit and maxMint.
As a result the pausability of the protocol was not reflected for these functions and wrong values are returned.
Mitigation
PR #33
The relevant functions are overridden with correct logic for paused state.
Double checked other ERC-4626 specs as well and it looks good.
Tests
Newly added relevant tests are checked. All passing - testMaxMint(), testMaxDeposit().
C4 issue
M-20: TokenggAVAX: maxDeposit and maxMint return wrong value when contract is paused
Comments
The contract
TokenggAVAX
was implemented as to the ERC-4626 spec, but a few important functions were not overridden, namelymaxDeposit
andmaxMint
. As a result the pausability of the protocol was not reflected for these functions and wrong values are returned.Mitigation
PR #33 The relevant functions are overridden with correct logic for paused state. Double checked other ERC-4626 specs as well and it looks good.
Tests
Newly added relevant tests are checked. All passing -
testMaxMint()
,testMaxDeposit()
.Conclusion
LGTM