0xadrii - Missing pausing functionality implementation makes USDO, tOFT and AssetToSGLPLeverageExecutor contracts not pausable

[sherlock-admin4]

0xadrii

medium

Missing pausing functionality implementation makes USDO, tOFT and AssetToSGLPLeverageExecutor contracts not pausable

Summary

Contracts who inherit from OpenZeppelin's pausable contract lack the actual implementations to pause the contracts, rendering them unpausable

Vulnerability Detail

The USDO.sol, TOFT.sol and AssetToSGLPLeverageExecutor.sol contracts inherit from Openzeppelin’s Pausable contract.

OpenZeppelin’s Pausable contract offers the functionality of pausing via the whenNotPaused() modifier. However, this contract does not have any external function that allows contracts inheriting Pausable to actually pause/unpause the contract, and the contract will not be pausable by simply inheriting Pausable, as stated in OpenZeppelin’s comments.

This will make both contracts unpausable, which might be an important feature if unexpected events affect the protocol.

Impact

Medium. Contract’s won’t be pausable and might be affected in market downturns/unexpected events affecting USDO and the Tapioca protocol.

Code Snippet

https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/usdo/Usdo.sol#L45

https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/leverage/AssetToSGLPLeverageExecutor.sol#L40

https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/tOFT/TOFT.sol#L47

Tool used

Manual Review

Recommendation

Implement functions that allow the pausing state to be set/unset, so that USDO.sol, TOFT.sol and AssetToSGLPLeverageExecutor.sol can actually be pausable.

Duplicate of #64

[maarcweiss]

Dup of https://github.com/sherlock-audit/2024-02-tapioca-judging/issues/64

[sherlock-admin3]

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

refer to 118