code-423n4 / 2023-08-reserve-mitigation-findings


M-01 MitigationConfirmed #32

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

Vulnerability details

The solution here is pretty simple and straightforward: simply allowing the trade to be settled when paused or frozen solves the problem. There is the risk of allowing another action to be executed while paused or frozen, but it seems like a risk that the protocol chose to accept as a tradeoff for mitigating the issue. Additionally, given that no new auctions can start while paused or frozen, this also minimizes the risk that stems from allowing it.

There could be a more complex mitigation which doesn’t allow a trade to settle if the protocol was paused during the trade, but this kind of mitigation would be more complicated and would require lots of new LOCs.

c4-judge commented 1 year ago

0xean marked the issue as satisfactory