McMannaman
commented
2 years ago First, we cannot rely on each bridge swap contract implementation details (they're subject to change) thus, we don't want to include check for pausing of the contract. If bridge is disabled this way, tx would revert and that would be not very good, but expected and proper outcome, no funds lost.
second, as the recommendation states, the pause mechanism was already implemented
HardenedTopupProxy.sol L299
require(paused == false, "operations paused");
Therefore this should not be considered an issue.
ak1
medium
_processTopup will not work when SYNAPSE bridge is paused. All other process could not function.
Summary
The SYNASE bridge can be paused in certain situation. Mover protocol tries to call SYNAPSE bridge during the paused state also.
Vulnerability Detail
Mover can not make top-up when synapse is pasued. all the other process could malfunction is depend on synapse bridge.
Impact
Top up can not be done. The issue that is affecting to the SYNAPSE bridge can affect the Mover protocol also.
Code Snippet
SYNAPSE brdige snippet that shows the pausing mechanism.
https://github.com/synapsecns/synapse-contracts/blob/e76518e8e1be6c329b53648d66b53c7696c1b6a7/contracts/bridge/SynapseBridge.sol#L165-L532
Tool used
Manual Review
Recommendation
Use the pause mechanism for mover too. This could prevent any untoward incident in future.