Pausable is not implemented

Summary

Several contracts in the Tapioca protocol are extending the Pausable contract but are not implementing the pausing/unpausing functionality. This means that critical functions cannot be paused in case of emergency.

Vulnerability Detail

mTOFT.sol, TOFT.sol, Usdo.sol, AssetToSGLPLeverageExecutor.sol contracts are extending the Pausable contract but are not implementing the pausing/unpausing functionality.

## Pausable.sol

function _pause() internal virtual whenNotPaused {
    _paused = true;
    emit Paused(_msgSender());
}

function _unpause() internal virtual whenPaused {
    _paused = false;
    emit Unpaused(_msgSender());
}

There are numerous functions in the aforementioned contracts that use the whenNotPaused modifier, e.g.

## TOFT.sol

function executeModule(ITOFT.Module _module, bytes memory _data, bool _forwardRevert)
    external
    payable
    whenNotPaused
    returns (bytes memory returnData)
{
    return _executeModule(uint8(_module), _data, _forwardRevert);
}

But pausing can never be activated as the pausing functionality is not implemented.

Impact

Critical functions cannot be paused in case of emergency as the pausing functionality is not implemented.

Code Snippet

Tool used

Manual Review

Recommendation

Include the following function in the contracts to implement the pausing functionality:

function pause(bool pause) external onlyOwner {
    pause ? _pause() : _unpause();
}

Duplicate of #64

maarcweiss commented 5 months ago

Dup of https://github.com/sherlock-audit/2024-02-tapioca-judging/issues/64

sherlock-admin3 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

refer to 24

sherlock-audit / 2024-02-tapioca-judging

GiuseppeDeLaZara - Pausable is not implemented #66

Pausable is not implemented

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Recommendation