Description:Description\
Their are 2 functions to pause the protocol
function setProtocolPause()
function setEmergencyPause()
And there is a concept of cooldown period of 5 minutes to not let anyone toggle the state of the pausing of the protocol rapidly to avoid any inconsistencies in depositing and withdrawing from the protocol.
The check for cooldown is only enforced in the function setEmergencyPause() and there is no such check in the function setProtocolPause() allowing the protocolOwner to toggle the pause rapidly.
Attack Scenario\
Since there is no check in the setProtocolPause() function owner can keep toggling the state to temporary cause a dos in deposit and withdrawal.
This isssue is marked as low since it is centralisation risk.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xa48490d06d7400bc96bbbf18089f1fc9d8d7ebb818562b2708290cf67ad89ee6 Severity: low
Description: Description\ Their are 2 functions to pause the protocol
And there is a concept of cooldown period of 5 minutes to not let anyone toggle the state of the pausing of the protocol rapidly to avoid any inconsistencies in depositing and withdrawing from the protocol.
The check for cooldown is only enforced in the
function setEmergencyPause()
and there is no such check in thefunction setProtocolPause()
allowing the protocolOwner to toggle the pause rapidly.Attack Scenario\ Since there is no check in the
setProtocolPause()
function owner can keep toggling the state to temporary cause a dos in deposit and withdrawal.This isssue is marked as low since it is centralisation risk.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)