Closed c4-bot-4 closed 8 months ago
gzeon-c4 marked the issue as duplicate of #114
gzeon-c4 marked the issue as not a duplicate
gzeon-c4 marked the issue as sufficient quality report
gzeon-c4 marked the issue as duplicate of #7
JustDravee marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/383202d0b84985122fe1ba53cfbbb68f18ba3986/src/tokens/YieldToken.sol#L58-L61
Vulnerability details
When the PrincipalToken contract has been paused (_paused set to true), users should NOT be able to burn YT tokens. This can be inferred as the _beforeWithdraw() function has the whenNotPaused modifier and it is called before every single withdraw (or the next call in the stack). In other words, withdraws are paused. Also, during withdraw the yield is updated and YT tokens are burned (only in _beforeRedeem).
There is also another way for a user to update his yield and burn tokens, which is through YieldToken::burn(). However, this function does not check if the protocol is paused.
Impact
Users are able to burn tokens when the system is paused, which they should not be able to do. This could be a problem if the protocol ever needs to temporarily pause for upgrade or the functionality has a bug.
Proof of Concept
Add the following test to PrincipalToken.t.sol and run with forge test --match-test testBurn -vvv
Tools Used
Manual Review
Recommended Mitigation Steps
Add whenNotPaused modifier to PrincipalToken::updateYield. Optional: Remove it from _beforeRedeem and _beforeWithdraw as both methods call updateYield.
Assessed type
Other
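The recommended mitigation above, sketched as an added example: this is a simplified model written for illustration, not the Spectra contracts and not the reporter's proof of concept. The names PrincipalTokenModel, YieldTokenModel, setPaused, mint, yieldUpdates and EnforcedPause are assumptions; only the burn-calls-updateYield shape and the whenNotPaused placement come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for this example; not the Spectra PrincipalToken.
contract PrincipalTokenModel {
    bool public paused;
    address public immutable owner = msg.sender;
    // Stand-in for real yield accounting: counts updates per user.
    mapping(address => uint256) public yieldUpdates;

    error EnforcedPause();

    modifier whenNotPaused() {
        if (paused) revert EnforcedPause();
        _;
    }

    function setPaused(bool p) external {
        require(msg.sender == owner, "not owner");
        paused = p;
    }

    // Guard placed on updateYield itself, as the report recommends, so every
    // path that reaches it (withdraw, redeem, YieldToken burn) is covered.
    function updateYield(address user) external whenNotPaused returns (uint256) {
        return ++yieldUpdates[user];
    }
}

// Simplified model for this example; not the Spectra YieldToken.
contract YieldTokenModel {
    PrincipalTokenModel public immutable pt;
    mapping(address => uint256) public balanceOf;

    constructor(PrincipalTokenModel _pt) {
        pt = _pt;
    }

    // Unrestricted mint exists only so the model can be exercised in a test.
    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    // Burn path as the report describes it: update yield, then burn.
    // It has no pause check of its own; it reverts while paused only
    // because updateYield carries the guard.
    function burn(uint256 amount) external {
        pt.updateYield(msg.sender);
        balanceOf[msg.sender] -= amount;
    }
}
```

With the modifier removed from updateYield in this model, burn succeeds while paused is true, which is the behaviour the report describes.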