Some Funictions Which Should Not Working During The Pause Mode Are Working

Summary

Basically Owner can Override pairs even when Contracts are in Pause Mode.

Vulnerability Detail

setPairOverrides() from UniswapV3oracleImpl.sol

    function setDefaultPeriod(uint32 defaultPeriod_) external onlyOwner {// @audit-issue no upper bound basically owner set it to arbitary amount
        $defaultPeriod = defaultPeriod_;
        emit SetDefaultPeriod(defaultPeriod_);
    }

Impact

refer Summary

Code Snippet

https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L155

Tool used

Manual Review

Recommendation

Should be pausable modifier present on it

sherlock-audit / 2023-04-splits-judging

0xhacksmithh - Some Funictions Which Should Not Working During The Pause Mode Are Working #133

Some Funictions Which Should Not Working During The Pause Mode Are Working

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation