search

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

ctf_sec - Redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense missing unpaused modifier in Redeemer.sol #143

Closed sherlock-admin closed 2 years ago

sherlock-admin commented 2 years ago

ctf_sec

medium

Redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense missing unpaused modifier in Redeemer.sol

Summary

Redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense missing unpaused modifier

Vulnerability Detail

The redeem should be able to be paused by admin in the extreme condition.

the admin can call pauseRedempmtions

    /// @notice allows admin to stop redemptions of Illuminate PTs for a given market
    /// @param u address of an underlying asset
    /// @param m maturity (timestamp) of the market
    /// @param b true to pause, false to unpause
    function pauseRedemptions(
        address u,
        uint256 m,
        bool b
    ) external authorized(admin) {
        paused[u][m] = b;
    }

and the redeem function that applies the unpaused modifier can be paused.

But the redeem function for Swivel, Yield, Element, Pendle, APWine, Tempus and Notional protocols and Sense is missing the unpaused modifier, meaning the redeem function cannot be paused properly.

Impact

the redeem function cannot be paused properly by admin

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L189-L200

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L92-L101

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L209-L219

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L335-L348

Tool used

Manual Review

Recommendation

We recommend the project add the unpaused modifier to redeem function in Redeemer.sol

Duplicate of #113