Napier AMM and Router will revert if the Curve Pools are paused (killed)

Summary

Many of the Napier AMM or Routers core operations will revert and stop working if the Curve Pools are paused (killed).

Vulnerability Detail

Per the contest page, the admins of the protocols that Napier integrates with are considered "RESTRICTED". This means that any issue related to Curve's admin action that could affect Napier protocol/users will be considered valid in this audit contest.

Q: Are the admins of the protocols your contracts integrate with (if any) TRUSTED or RESTRICTED? RESTRICTED

Napier protocol integrates with Curve pools. The Curve admin has the ability to pause (kill) the Curve pools that Napier depends on (generally within the two months after it is first deployed). When the Curve pool is paused, only balanced withdrawal (remove_liquidity) is allowed. Imbalanced or one-sided withdrawal and adding of liquidity are not allowed.

As a result, many of the Napier AMM or Routers core operations will revert and stop working, such as the following:

NapierPool.swapUnderlyingForPt
NapierPool.swapPtForUnderlying
NapierRouter.removeLiquidityOneUnderlying
NaiperRouter.removeLiquidityOnePt
NapierRouter.addLiquidity
NapierRouter.addLiquidityOnePt

Impact

Router and AMM pools are core features of the protocol. Breaking of core protocol/contract functionality.

Code Snippet

https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierRouter.sol#L34

https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L39

Tool used

Manual Review

Recommendation

Ensure that the protocol team and its users are aware of the risks of such an event and develop a contingency plan to manage it.

sherlock-audit / 2024-01-napier-judging

xiaoming90 - Napier AMM and Router will revert if the Curve Pools are paused (killed) #102