sherlock-admin2
commented
5 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid also}
Closed sherlock-admin closed 5 months ago
sherlock-admin2
commented
5 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { This is invalid also}
fnanni
medium
Proposals in TelcoinDistributor don't get paused when the contract is paused
Summary
If the contract gets paused, proposed transactions ongoing the challenge period won't get paused and could get approved when they shouldn't.
Vulnerability Detail
challengeTransaction() is not callable when the contract is paused. This means that transaction proposals in the challenge period would be going through this period without the risk of being rejected while the contract is paused.
Impact
Council members could be unable to challenge malicious transactions if TelcoinDistributor is paused.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L115-L117
Tool used
Manual Review
Recommendation
Allow challenges while the contract is paused.
Duplicate of #24