search

code-423n4 / 2024-02-spectra-findings

4 stars 2 forks source link

`updateYield()` can be called even when the contract is paused #232

Closed c4-bot-3 closed 8 months ago

c4-bot-3 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/PrincipalToken.sol#L340-L341

Vulnerability details

Impact

Function updateYield() misses the whenNotPaused modifier - thus it can be called even when the contract is paused.

Proof of Concept

The PrincipalToken inherits from PausableUpgradeable, thus it can be paused. One of the function - updateYield(), however, does not implement whenNotPaused modifier - meaning, it can be called even when the contract is paused.

File: PrincipalToken.sol

    function updateYield(address _user) public override returns (uint256 updatedUserYieldInIBT) {
        (uint256 _ptRate, uint256 _ibtRate) = _updatePTandIBTRates();

As demonstrated above, function updateYield() does not implement whenNotPaused modifier - thus it's possible to call it even when the contract is paused. Function updateYield() calls another functions: _updatePTandIBTRates() and PrincipalTokenUtil._computeYield - however, none of them verifies if contract is paused - thus it's possible to call updateYield() even on the paused contract.

Tools Used

Manual code review

Recommended Mitigation Steps

Implement whenNotPaused modifier on updateYield() function.

Assessed type

Access Control

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as duplicate of #7

c4-pre-sort commented 8 months ago

gzeon-c4 marked the issue as sufficient quality report

c4-judge commented 8 months ago

JustDravee marked the issue as unsatisfactory: Invalid