unpaused modifier is only applied in one redeem function but can be easily bypassed.
Vulnerability Detail
unpaused(u, m) modifier in Redeemer contract is only applied to one function:
/// @notice burns Illuminate principal tokens and sends underlying to user
/// @param u address of an underlying asset
/// @param m maturity (timestamp) of the market
function redeem(address u, uint256 m) external unpaused(u, m)
Other functions are left unprotected and even when redeem is paused, users can still bypass the restriction and redeem directly from the ERC5095 token contract (authRedeem) or approve and autoRedeem.
Impact
This makes pausing the Redeemer ineffective in practice and in case of an emergency situation providing little to no help.
HonorLt
medium
Unpaused on redeem functions
Summary
unpausedmodifier is only applied in one redeem function but can be easily bypassed.Vulnerability Detail
unpaused(u, m)modifier inRedeemercontract is only applied to one function:Other functions are left unprotected and even when
redeemis paused, users can still bypass the restriction and redeem directly from the ERC5095 token contract (authRedeem) or approve andautoRedeem.Impact
This makes pausing the Redeemer ineffective in practice and in case of an emergency situation providing little to no help.
Code Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L214-L218
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L342-L348
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L403
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L443-L452
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L485-L489
Tool used
Manual Review
Recommendation
Add
unpausedmodifier to all the user-facing functions of Redeemer.Duplicate of #113