Bypass paused `redeem()`

Summary

If the admin decides to pause redeem in Redeemer.sol when it’s dangerous, malicious or unprofitable. The paused mode could be bypassed with autoRedeem() or PT token withdraw()/redeem() with authRedeem().

Bypassing the admins decision can result in loss of funds for the project.

Vulnerability Detail

In autoRedeem() and authRedeem(), the underlying can still be transferred to the user:

the user just need to set the allowance to use the autoRedeem()
call the PT token withdraw()/redeem(), which eventually call the Redeemer contract authRedeem().

Impact

Bypassing the admins decision might end up with loss of funds for the project.

Code Snippet

There are no modifier unpaused(u, m) for autoRedeem() and authRedeem(), nor any checks for the unpaused status inside the functions.

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L485-L489

PT token withdraw()/redeem() can be called even if paused. https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L252-L275

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L320-L343

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Redeemer.sol#L443-L452

Tool used

Manual Review

Recommendation

Add the modifier or paused status check in autoRedeem() and authRedeem().

Duplicate of #113

sherlock-audit / 2022-10-illuminate-judging

141345 - Bypass paused `redeem()` #237

Bypass paused `redeem()`

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2022-10-illuminate-judging

__141345__ - Bypass paused `redeem()` #237

Bypass paused redeem()

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

141345 - Bypass paused `redeem()` #237

Bypass paused `redeem()`