hats-finance / Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2

Smart contracts for the Metrom project.
GNU General Public License v3.0

add pause/unpause function in the metrom contract #38

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: @0Ksecurity
Twitter username: --
Submission hash (on-chain): 0x410004a9ab4a297ddb932bfdeb47b53f320d06214693d31fae1c00ef64201a11
Severity: medium

Description: The Metrom contract allows users to create a campaign for a specific pool and add any ERC20 tokens as reward tokens; users can then claim their rewards by calling claimFunction. While the contract allows setting any ERC20 token as a reward token, there are tokens that get paused by their admin. If this happens, any call to claimRewards will revert and cause loss of gas to the LPs/users.

Attack Scenario

Attachments

  1. Revised Code File (Optional): Add a pause function with which the campaign owner can pause its reward distribution, and add an unpause function that can be called by trusted addresses determined by the Metrom protocol.

Files:

luzzif commented 1 month ago

In this specific case users can still recover all the other rewards just fine by only specifying claim bundles for them, leaving out the claim bundle for the paused token. Then, when the ZIL token is unpaused, they can also claim that without any issue. It seems extremely overkill to pause the entire contract because of some token not being able to be claimed when the users themselves can work around this by crafting their claim transactions in a certain way.
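
The workaround described in the comment above, sketched as an added example that is not part of the original thread or of Metrom's code: an in-memory model in which a batch claim is atomic, so the client dry-runs each bundle and leaves out the one for the paused token. The `ModelToken` class, the bundle shape, the helper names, the USDC token and all amounts are assumptions made for illustration.

```javascript
// Added illustration: an in-memory model, not Metrom's contract or ABI.
// Token list, bundle shape, receiver and amounts are constructed sample data.
class ModelToken {
  constructor(symbol, paused = false) {
    this.symbol = symbol;
    this.paused = paused;
    this.balances = new Map();
  }
  transfer(to, amount) {
    // A pausable token reverts every transfer while it is paused.
    if (this.paused) throw new Error(`${this.symbol}: token paused`);
    this.balances.set(to, (this.balances.get(to) ?? 0n) + amount);
  }
}

// Atomic batch claim: one reverting transfer rolls back the whole call.
function claimRewards(tokens, bundles) {
  const snapshot = [...tokens.values()].map((t) => [t, new Map(t.balances)]);
  try {
    for (const b of bundles) tokens.get(b.token).transfer(b.receiver, b.amount);
  } catch (err) {
    for (const [t, saved] of snapshot) t.balances = saved;
    throw err;
  }
}

// Dry-run every bundle alone (stand-in for an eth_call simulation) and split
// the set into bundles to submit now and bundles to retry after the unpause.
function splitClaimable(tokens, bundles) {
  const claimable = [], deferred = [];
  for (const b of bundles) {
    const live = tokens.get(b.token);
    const probe = new ModelToken(live.symbol, live.paused);
    try {
      probe.transfer(b.receiver, b.amount);
      claimable.push(b);
    } catch {
      deferred.push(b);
    }
  }
  return { claimable, deferred };
}

// Constructed scenario: ZIL is paused, USDC is not.
const sampleState = () => ({
  tokens: new Map([["ZIL", new ModelToken("ZIL", true)], ["USDC", new ModelToken("USDC")]]),
  bundles: [
    { token: "USDC", receiver: "alice", amount: 50n },
    { token: "ZIL", receiver: "alice", amount: 7n },
  ],
});
```
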