Dots - Paused state is not checked in deposit function

[sherlock-admin2]

Dots

medium

Paused state is not checked in deposit function

Summary

Paused state is not checked.

Vulnerability Detail

The strategy can be paused under certain periods that are considered to be dangerous for the system. This is usually done to protect the system from attacks or to prevent the system from making bad decisions.

However, the deposit function doesn't perform checks on whether the system is paused or not. This means that users can still interact with the system, even though it is paused. This can lead to unexpected behavior and potential losses for the users.

Impact

This issue can lead to unexpected behavior and potential losses for the users.

Code Snippet

https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L204-L219

function deposit() external onlyCalmPeriods {
        _onlyVault();

        if (!initTicks) {
            _setTicks();
            initTicks = true;
        }

        // Add all liquidity
        _addLiquidity();

        (uint256 bal0, uint256 bal1) = balances();

        // TVL Balances after deposit
        emit TVL(bal0, bal1);
    }

Tool used

Manual Review

Recommendation

function deposit() external onlyCalmPeriods {
+       _whenStrategyNotPaused();
        _onlyVault();

        if (!initTicks) {
            _setTicks();
            initTicks = true;
        }

        // Add all liquidity
        _addLiquidity();

        (uint256 bal0, uint256 bal1) = balances();

        // TVL Balances after deposit
        emit TVL(bal0, bal1);
    }

[sherlock-admin3]

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; _addLiquidity() checks it, anyway.

DHTNS commented:

Invalid -> paused checks are there in _addLiquidity function