hats-finance / Euro-Dollar-0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd

Audit competition repository for Euro-Dollar (0xa4ccd3b6daa763f729ad59eae75f9cbff7baf2cd)
https://hats.finance
MIT License

Deposit Mint Withdraw Redeem are not pausable #12

Open hats-bug-reporter[bot] opened 4 weeks ago

hats-bug-reporter[bot] commented 4 weeks ago

Github username: -- Twitter username: -- Submission hash (on-chain): 0xfc43d68e2e9510eeee54ce88f0fdd875b2244635d871bc05193375fe1532b896 Severity: medium

Description: The functions `deposit`, `mint`, `withdraw` and `redeem` are callable even when the contract is paused.

Attachments

  1. Proof of Concept (PoC) File

    
    /// @notice Takes `assets` of `usde` from the caller via `usde.burn` and mints the
    ///         corresponding shares to `receiver`.
    /// @dev No pause modifier is applied on this function itself. Whether a paused state
    ///      blocks the call depends on checks inside `usde.burn` and `_mint`, which are not
    ///      part of this excerpt. NOTE(review): confirm where the pause check lives and
    ///      cover it with a test that pauses the contract and then calls `deposit`.
    /// @param assets Amount passed to `usde.burn` for `msg.sender`.
    /// @param receiver Account that receives the minted shares.
    /// @return shares Value returned by `convertToShares(assets)`.
    function deposit(uint256 assets, address receiver) public returns (uint256 shares) {
        address caller = msg.sender;

        shares = convertToShares(assets);

        // The underlying is burned from the caller before any shares are minted.
        usde.burn(caller, assets);
        _mint(receiver, shares);

        emit Deposit(caller, receiver, assets, shares);
        return shares;
    }

/// @notice Mints exactly `shares` to `receiver` and takes the matching amount of `usde`
///         from the caller via `usde.burn`.
/// @dev No pause modifier is applied on this function itself; any pause enforcement would
///      have to come from `usde.burn` or `_mint`, which are not part of this excerpt.
///      NOTE(review): the rounding direction of `convertToAssets` is not visible here. If
///      this vault is meant to follow ERC-4626, the asset amount charged by `mint` is
///      expected to round up. Confirm against the conversion helper.
/// @param shares Amount of shares minted to `receiver`.
/// @param receiver Account that receives the minted shares.
/// @return assets Value returned by `convertToAssets(shares)`.
function mint(uint256 shares, address receiver) public returns (uint256 assets) {
    address caller = msg.sender;

    assets = convertToAssets(shares);

    // The underlying is burned from the caller before any shares are minted.
    usde.burn(caller, assets);
    _mint(receiver, shares);

    emit Deposit(caller, receiver, assets, shares);
    return assets;
}

/// @notice Burns `shares` held by `owner` and mints the corresponding `usde` to `receiver`.
/// @dev No pause modifier is applied on this function itself; any pause enforcement would
///      have to come from `_burn` or `usde.mint`, which are not part of this excerpt.
///      NOTE(review): confirm where the pause check lives and cover it with a test that
///      pauses the contract and then calls `redeem`.
/// @param shares Amount of shares burned from `owner`.
/// @param receiver Account that receives the minted `usde`.
/// @param owner Holder of the shares being redeemed.
/// @return assets Value returned by `convertToAssets(shares)`.
function redeem(uint256 shares, address receiver, address owner) public returns (uint256 assets) {
    address caller = msg.sender;

    // A caller acting on behalf of another holder must spend that holder's allowance.
    if (caller != owner) {
        _spendAllowance(owner, caller, shares);
    }

    assets = convertToAssets(shares);

    // Shares are burned before the underlying is minted to the receiver.
    _burn(owner, shares);
    usde.mint(receiver, assets);

    emit Withdraw(caller, receiver, owner, assets, shares);
    return assets;
}

/// @notice Mints exactly `assets` of `usde` to `receiver` and burns the corresponding
///         shares from `owner`.
/// @dev No pause modifier is applied on this function itself; any pause enforcement would
///      have to come from `_burn` or `usde.mint`, which are not part of this excerpt.
///      NOTE(review): the rounding direction of `convertToShares` is not visible here. If
///      this vault is meant to follow ERC-4626, the share amount burned by `withdraw` is
///      expected to round up. Confirm against the conversion helper.
/// @param assets Amount of `usde` minted to `receiver`.
/// @param receiver Account that receives the minted `usde`.
/// @param owner Holder of the shares being burned.
/// @return shares Value returned by `convertToShares(assets)`.
function withdraw(uint256 assets, address receiver, address owner) public returns (uint256 shares) {
    address caller = msg.sender;

    shares = convertToShares(assets);

    // A caller acting on behalf of another holder must spend that holder's allowance.
    if (caller != owner) {
        _spendAllowance(owner, caller, shares);
    }

    // Shares are burned before the underlying is minted to the receiver.
    _burn(owner, shares);
    usde.mint(receiver, assets);

    emit Withdraw(caller, receiver, owner, assets, shares);
    return shares;
}



2. **Revised Code File (Optional)**
Make these functions pausable.
AndreiMVP commented 4 weeks ago

Don't _mint() and _burn() hit the pausable check?