Closed sherlock-admin2 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. From the Readme we also see: "External contracts pausing or executing an emergency withdrawal are acceptable."
xiaoming90
medium
Napier AMM and Router will revert if the Curve Pools are paused (killed)
Summary
Many of the Napier AMM or Routers core operations will revert and stop working if the Curve Pools are paused (killed).
Vulnerability Detail
Per the contest page, the admins of the protocols that Napier integrates with are considered "RESTRICTED". This means that any issue related to Curve's admin action that could affect Napier protocol/users will be considered valid in this audit contest.
Napier protocol integrates with Curve pools. The Curve admin has the ability to pause (kill) the Curve pools that Napier depends on (generally within the two months after it is first deployed). When the Curve pool is paused, only balanced withdrawal (
remove_liquidity
) is allowed. Imbalanced or one-sided withdrawal and adding of liquidity are not allowed.As a result, many of the Napier AMM or Routers core operations will revert and stop working, such as the following:
Impact
Router and AMM pools are core features of the protocol. Breaking of core protocol/contract functionality.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierRouter.sol#L34
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L39
Tool used
Manual Review
Recommendation
Ensure that the protocol team and its users are aware of the risks of such an event and develop a contingency plan to manage it.