Missing whenNotPaused Modifier in withdraw Function
Summary
The withdrawfunction in the contract is designed to allow the metaVault to withdraw tokens from the strategy. However, the function currently lacks the whenNotPaused modifier, making it callable even when the contract is paused. This can lead to operational issues and security risks.
Vulnerability Detail
The withdraw function does not include the whenNotPaused modifier, which means it can be executed even when the contract is paused. The absence of this modifier allows the function to perform critical operations like withdrawing liquidity and transferring tokens regardless of the contract’s paused state. This can lead to issues such as unauthorized withdrawals during maintenance or emergency situations.
Impact
Operational Risk: Executing withdrawals when the contract is intended to be paused can disrupt planned maintenance or emergency responses.
Security Risk: Allows withdrawals during periods when the contract is paused for security reasons, potentially exposing the contract to further risks.
Inconsistent State: Operations performed during a paused state can lead to inconsistencies in the contract’s state and data.
To resolve this issue, add the whenNotPaused modifier to the withdraw function. This ensures that the function can only be called when the contract is not paused, aligning with the existing security measures and preventing operations during paused states.
NoOne
medium
Missing
whenNotPausedModifier inwithdrawFunctionSummary
The
withdrawfunction in the contract is designed to allow the metaVault to withdraw tokens from the strategy. However, the function currently lacks thewhenNotPausedmodifier, making it callable even when the contract is paused. This can lead to operational issues and security risks.Vulnerability Detail
The
withdrawfunction does not include thewhenNotPausedmodifier, which means it can be executed even when the contract is paused. The absence of this modifier allows the function to perform critical operations like withdrawing liquidity and transferring tokens regardless of the contract’s paused state. This can lead to issues such as unauthorized withdrawals during maintenance or emergency situations.Impact
Operational Risk: Executing withdrawals when the contract is intended to be paused can disrupt planned maintenance or emergency responses. Security Risk: Allows withdrawals during periods when the contract is paused for security reasons, potentially exposing the contract to further risks. Inconsistent State: Operations performed during a paused state can lead to inconsistencies in the contract’s state and data.
Code Snippet
function withdraw
Tool used
Manual Review
Recommendation
To resolve this issue, add the
whenNotPausedmodifier to thewithdrawfunction. This ensures that the function can only be called when the contract is not paused, aligning with the existing security measures and preventing operations during paused states.