challengeTransaction() should be callable when the protocol is paused
Summary
The function challengeTransaction() in TelcoinDistributor.sol should be callable when the protocol is paused.
Vulnerability Detail
The pause functionality in TelcoinDistributor.sol is used during emergencies. During an emergency it should be possible for council members to call the function challengeTransaction() to reject the execution of malicious proposed transactions.
Let's suppose TelcoinDistributor.sol has to be paused, the owner calls the pause() function. It's possible that, either accidentally or purposefully, a new malicious transaction is proposed via proposeTransaction() that gets executed right before the contract is paused. In this state there is a timeframe where the new proposed transaction should be challenged but it's not possible to do so.
If the contract stays paused for more than challengePeriod as soon as the contract is unpaused the malicious transaction can be executed via executeTransaction().
Impact
Funds might be stolen by a council member and/or further measures are required to prevent the execution of the malicious transaction (ex. remove the malicious council member and hope the others won't execute the function).
zzykxx
medium
challengeTransaction()
should be callable when the protocol is pausedSummary
The function
challengeTransaction()
inTelcoinDistributor.sol
should be callable when the protocol is paused.Vulnerability Detail
The pause functionality in
TelcoinDistributor.sol
is used during emergencies. During an emergency it should be possible for council members to call the functionchallengeTransaction()
to reject the execution of malicious proposed transactions.Let's suppose
TelcoinDistributor.sol
has to be paused, the owner calls thepause()
function. It's possible that, either accidentally or purposefully, a new malicious transaction is proposed viaproposeTransaction()
that gets executed right before the contract is paused. In this state there is a timeframe where the new proposed transaction should be challenged but it's not possible to do so.If the contract stays paused for more than
challengePeriod
as soon as the contract is unpaused the malicious transaction can be executed viaexecuteTransaction()
.Impact
Funds might be stolen by a council member and/or further measures are required to prevent the execution of the malicious transaction (ex. remove the malicious council member and hope the others won't execute the function).
Code Snippet
Tool used
Manual Review
Recommendation
Remove the
whenNotPaused
modifier fromchallengeTransaction()
.Duplicate of #24