code-423n4 / 2023-08-dopex-findings


[M-02] Inconsistent Role Usage for Pausing Functionality in `DpxEthToken` #2201

Closed code423n4 closed 10 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/dpxETH/DpxEthToken.sol#L19

Vulnerability details

Impact

The DpxEthToken contract uses a specific PAUSER_ROLE for pausing and unpausing the token. This contrasts with other contracts in the codebase that use the DEFAULT_ADMIN_ROLE for similar functionalities. This inconsistency could lead to confusion and potential mismanagement of roles, as administrators may not be aware of the specific roles required for certain actions across different contracts.

Tools Used

Manual code review.

Recommended Mitigation Steps

Choose a standard role for pausing functionalities across all contracts. If PAUSER_ROLE is specific to DpxEthToken, consider updating other contracts to use this role for consistency or vice versa.

Assessed type

Access Control
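An added example, not part of the original report or the Dopex codebase: a small Python check that lists which role guards `pause()`/`unpause()` in each contract, so the inconsistency described in the report can be spotted mechanically. The contract names `TokenLike`/`CoreLike` and their Solidity snippets are constructed, and the regex is a heuristic that assumes OpenZeppelin-style `onlyRole`/`hasRole`/`_checkRole` checks.

```python
import re
from collections import defaultdict

# Heuristic: pause()/unpause() header and body up to the first closing brace.
FUNC_RE = re.compile(r"function\s+(pause|unpause)\s*\(\s*\)([^{]*)\{(.*?)\}", re.S)
# OpenZeppelin AccessControl checks: modifier, require(hasRole(..)), _checkRole.
ROLE_RE = re.compile(r"(?:onlyRole|hasRole|_checkRole)\s*\(\s*([A-Za-z_]\w*)")


def pause_roles(source):
    """Return {function name: set of role identifiers guarding it}."""
    return {name: set(ROLE_RE.findall(header + body))
            for name, header, body in FUNC_RE.findall(source)}


def audit(contracts):
    """Map each guarding role to the sorted contract functions using it."""
    by_role = defaultdict(list)
    for contract, source in contracts.items():
        for func, roles in pause_roles(source).items():
            for role in roles or {"<unguarded>"}:
                by_role[role].append(f"{contract}.{func}")
    return {role: sorted(sites) for role, sites in by_role.items()}


def is_consistent(report):
    """True when every pause/unpause entry point uses one and the same role."""
    return len(report) <= 1


# Constructed sample sources for illustration, not copied from the repository.
SAMPLE = {
    "TokenLike": """
        function pause() public {
            require(hasRole(PAUSER_ROLE, msg.sender));
            _pause();
        }
        function unpause() public {
            require(hasRole(PAUSER_ROLE, msg.sender));
            _unpause();
        }""",
    "CoreLike": """
        function pause() external onlyRole(DEFAULT_ADMIN_ROLE) { _pause(); }
        function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) { _unpause(); }
    """,
}

if __name__ == "__main__":
    for role, sites in sorted(audit(SAMPLE).items()):
        print(f"{role}: {', '.join(sites)}")
```

A pause function with no recognised role check is reported under `<unguarded>`, which is worth reviewing separately from the consistency question.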

c4-pre-sort commented 1 year ago

bytes032 marked the issue as low quality report

bytes032 commented 1 year ago

More like a recommendation instead of a vulnerability

c4-judge commented 11 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)

liveactionllama commented 10 months ago

Per discussion with judge, adding grade labels on their behalf.