Closed github-actions[bot] closed 1 year ago
Nyx
medium
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/interfaces/IProtectionPoolCycleManager.sol#L4-L9
Comments say that when the cycle states locked, the cycle is in progress & locked for deposit & withdraw.
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L1029-L1033
But deposit() only checks poolInfo.currentPhase. It's not checking if the pool cycle is locked or not.
Users can deposit in the locked state.
Manual Review
deposit() needs to have whenPoolIsOpen() modifier.
Duplicate of #206
Nyx
medium
Users can deposit when cycle is locked.
Summary
Vulnerability Detail
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/interfaces/IProtectionPoolCycleManager.sol#L4-L9
Comments say that when the cycle states locked, the cycle is in progress & locked for deposit & withdraw.
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L1029-L1033
But deposit() only checks poolInfo.currentPhase. It's not checking if the pool cycle is locked or not.
Impact
Users can deposit in the locked state.
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L1029-L1033
Tool used
Manual Review
Recommendation
deposit() needs to have whenPoolIsOpen() modifier.
Duplicate of #206