pause() should Trigger a stopped state according to the docstring of the function, which assumes that the RSETH contract logic should completely be paused. However, the whenNotPaused modifier only applies to minting and burning tokens. So, even in a "paused state", RSETH can still be transferred, approved, etc..
If the pause was initiated due to a critical upgrade/deployment that requires RSETH to be paused or if the RSETH contract was compromised, there could be unpredictable consequences such as fund loss.
Proof of Concept
/// @dev Triggers stopped state.
/// @dev Only callable by LRT config manager. Contract must NOT be paused.
function pause() external onlyLRTManager {
_pause();
}
Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/main/src/RSETH.sol#L60
Vulnerability details
Impact
pause() should
Trigger a stopped state
according to the docstring of the function, which assumes that the RSETH contract logic should completely be paused. However, thewhenNotPaused
modifier only applies to minting and burning tokens. So, even in a "paused state", RSETH can still be transferred, approved, etc..If the pause was initiated due to a critical upgrade/deployment that requires RSETH to be paused or if the RSETH contract was compromised, there could be unpredictable consequences such as fund loss.
Proof of Concept
Tools Used
Manual Review.
Recommended Mitigation Steps
Completely pause the RSETH contract state.
Assessed type
Access Control