search

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

ak1 - Inadequate access restrictions for Redeem functions in Redeemer.sol #219

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

ak1

medium

Inadequate access restrictions for Redeem functions in Redeemer.sol

Summary

There are inadequate access control mechanism for some redeem functionalities.

Vulnerability Detail

When look at the Redeemer.sol, it has unpaused modier which would be used to pause or unpaue the redemption. But this unpaused modier is used in following line of code only,https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L403

But, other market's redemption does not have this unpaused modifer which could be used to pause or unpause the redemption.

When look at the lender.sol, all the lending market has the unpasued modier which i believe is added for pause or unpause the lending in any of the critical situation like hack etc .

Impact

Redemption can not be halted in critical situations.

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L214-L218

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L342-L348

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L443-L450

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L485-L489

Tool used

Manual Review

Recommendation

It's suggested to use the unpause modifer for other redemption too. This could help to stop the redemption in an unfair situations. For examples, When market is hacked and large amount of tokens are put for redemption, having this modifier help to stop this type of unfair redemption.

Duplicate of #113