Pause vaults. Users can exit paused vaults, but otherwise no significant action should be possible on them.
but user cannot withdraw their collateral when vault is paused.
it("cannot modify position if the vault is paused", async () => {
await expect(gmxVault.modifyPosition(PRECISION, PRECISION, true, false)).to.be.revertedWith("Pausable: paused");
});
Since the protocol has one function, modifyPosition(), to handle both debt loans and repayment, and collateral deposits and withdrawal, the modifier whenNotPaused will impact all actions related to collateral and debt changes.
peanuts
medium
User cannot exit paused vaults
Summary
User cannot exit paused vaults.
Vulnerability Detail
Documentation states:
but user cannot withdraw their collateral when vault is paused.
Since the protocol has one function,
modifyPosition()
, to handle both debt loans and repayment, and collateral deposits and withdrawal, the modifierwhenNotPaused
will impact all actions related to collateral and debt changes.Impact
User cannot exit paused vaults.
Code Snippet
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L212-L219
Tool used
Manual Review
Recommendation
Consider splitting the debt and collateral change functions so that
whenNotPaused
can only affect debt repayment and loan.