executeLimitOrder is not protected by whenNotPaused
Summary
Users can still close their positions even if the contract is paused.
Vulnerability Detail
In DelayedOrder.sol, all actions on the user/keeper side are protected by whenNotPaused, including:
announceStableDeposit
announceStableWithdraw
announceLeverageOpen
announceLeverageAdjust
announceLeverageClose
executeOrder
But in LimitOrder.sol, announceLimitOrder and executeLimitOrder are not protected by whenNotPaused, which enables users to close positions even if the contract is paused.
LTDingZhen
medium
executeLimitOrder
is not protected bywhenNotPaused
Summary
Users can still close their positions even if the contract is paused.
Vulnerability Detail
In
DelayedOrder.sol
, all actions on the user/keeper side are protected bywhenNotPaused
, including:But in
LimitOrder.sol
,announceLimitOrder
andexecuteLimitOrder
are not protected bywhenNotPaused
, which enables users to close positions even if the contract is paused.Impact
Breaks the consistency of the protocol, making it impossible for administrators to prevent users from closing positions.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LimitOrder.sol#L58 https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LimitOrder.sol#L119-L122
Tool used
Manual Review
Recommendation
Add
whenNotPaused
onannounceLimitOrder
andexecuteLimitOrder
.