ak1 - JUSDBank.sol : borrow does not ensure `isBorrowAllowed` enabled.

[sherlock-admin]

ak1

medium

JUSDBank.sol : borrow does not ensure isBorrowAllowed enabled.

Summary

Deposit and borrow is done by checking following bool flags.

    bool isDepositAllowed;
    //        if allow user borrow USDO
    bool isBorrowAllowed;

when there is check to ensure this for deposit function . Refer line of codes here for deposit. But there is no such check for _borrow

Vulnerability Detail

Impact

This would cause issue when borrow is paused. Not sure how long the impact could be. But one possible place where this could affect is in switching to new phases where some of the functionality would be paused temporary.

Code Snippet

deposit function which has the

https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/Impl/JUSDBank.sol#L247-L256

No check for borrow

https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/Impl/JUSDBank.sol#L274-L283

Tool used

Manual Review

Recommendation

Update the code as mentioned in comments.

  Check `isBorrowAllowed` is enabled or not for borrow.

[JoscelynFarr]

https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/Impl/JUSDBank.sol#LL114C13-L114C38 https://github.com/sherlock-audit/2023-04-jojo/blob/main/JUSDV1/src/Impl/JUSDView.sol#L159 The check is in the _maxMintAmountBorrow function