There is still a transfer of eth even when contract is paused, due to missing whenNotPaused modifier
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/UserWithdrawalManager.sol#L179

Vulnerability details

Impact
There is still a transfer of ETH even when the contract is paused, due to the missing whenNotPaused modifier.

Proof of Concept
When a user calls the external function claim(), it executes sendValue(), which transfers ETH away from the contract. However, claim() does not implement the whenNotPaused modifier, so it can still be executed while the contract is paused.

Tools Used
Visual Studio Code

Recommended Mitigation Steps
Add the whenNotPaused modifier to the claim() function.

Assessed type
Access Control
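The pattern in the report and its mitigation, as an added example that is not Stader's UserWithdrawalManager code. The contract below reproduces the shape described above: a Pausable contract whose claim() calls OpenZeppelin's sendValue() without whenNotPaused, and a derived contract that applies the recommended fix. The Request struct, the finalize() function, the owner-only pause and the OpenZeppelin 4.x import paths are assumptions made to keep the example self-contained; the Foundry test assumes forge-std and shows that the unguarded version moves ETH while paused whereas the fixed version reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration, not the audited contract. Assumes OpenZeppelin 4.x
// paths (Pausable under security/) and forge-std for the test. Request,
// finalize() and the owner-only pause are invented for the example.
import {Pausable} from "@openzeppelin/contracts/security/Pausable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {Test} from "forge-std/Test.sol";

contract WithdrawalManager is Pausable, Ownable {
    using Address for address payable;

    struct Request {
        address payable owner; // who may claim
        uint256 amount;        // wei owed to the requester
        bool finalized;        // set once the backing ETH has been deposited
    }

    mapping(uint256 => Request) public requests;

    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    // Owner deposits the ETH that a request can later claim (simplified).
    function finalize(uint256 requestId, address payable requester) external payable onlyOwner {
        requests[requestId] = Request({owner: requester, amount: msg.value, finalized: true});
    }

    // Vulnerable shape from the report: no whenNotPaused, so sendValue()
    // still moves ETH out of the contract while it is paused.
    function claim(uint256 requestId) external virtual {
        _claim(requestId);
    }

    function _claim(uint256 requestId) internal {
        Request memory r = requests[requestId];
        require(r.finalized, "not finalized");
        require(msg.sender == r.owner, "not requester");
        delete requests[requestId];   // effects before the external call
        r.owner.sendValue(r.amount);  // interaction last
    }
}

contract WithdrawalManagerFixed is WithdrawalManager {
    // Recommended mitigation: gate the transfer behind the pause switch.
    function claim(uint256 requestId) external override whenNotPaused {
        _claim(requestId);
    }
}

// Foundry test: the test contract deploys both managers, so it is the owner.
contract PausedClaimTest is Test {
    address payable user = payable(address(0xBEEF)); // constructed requester

    function _fundAndPause(WithdrawalManager m) internal {
        m.finalize{value: 1 ether}(1, user);
        m.pause();
    }

    function testVulnerableClaimSucceedsWhilePaused() public {
        WithdrawalManager m = new WithdrawalManager();
        _fundAndPause(m);
        vm.prank(user);
        m.claim(1);                              // ETH leaves despite the pause
        assertEq(user.balance, 1 ether);
        assertEq(address(m).balance, 0);
    }

    function testFixedClaimRevertsWhilePaused() public {
        WithdrawalManagerFixed m = new WithdrawalManagerFixed();
        _fundAndPause(m);
        vm.prank(user);
        vm.expectRevert("Pausable: paused");    // OZ 4.x revert string
        m.claim(1);
        assertEq(address(m).balance, 1 ether);   // funds stay until unpause()
    }
}
```

Run with `forge test --match-contract PausedClaimTest`. The first test is the proof of concept (it passes precisely because the pause is ineffective), and the second documents the behaviour the mitigation restores; a useful regression check is to audit every function that ends in an external value transfer and confirm each carries the same modifier as the rest of the withdrawal flow.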