sherlock-audit / 2024-05-gamma-staking-judging


Mansa11 - Pause functionality and access control not rightly implemented #279

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

Mansa11

high

Pause functionality and access control not rightly implemented

Summary

The pause function is not rightly implemented and there are no modifiers to take this into effect. https://github.com/sherlock-audit/2024-05-gamma-staking/blob/main/StakingV2/src/Lock.sol#L669-L681

Vulnerability Detail

Most of the core sensitive functionalities can still be carried out irrespective of pause or unpause. This is a break in logic because the protocol actually made provision for this but it just wasn't rightly implemented and would lead to unforeseeable casualties.

Pause functionalities and Unpause functionalities are very delicate controls that help safeguard protocols and should be rightly implemented.

Impact

Code Snippet

    function pause() public onlyOwner {
        _pause(); // Calls the internal _pause function which enforces the pause state across the contract.
    }

    function unpause() public onlyOwner {
        _unpause(); // Calls the internal _unpause function which deactivates the pause state across the contract.
    }

Tool used

Manual Review

Recommendation

Restructure the logic.

santipu03 commented 5 months ago

This issue is invalid because it fails to describe a valid attack path and a clear impact.
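
Added example (not part of the issue, the comments, or the audited project's code): assuming an OpenZeppelin-style Pausable, where `_pause()` only sets a flag and a function is affected only if it carries `whenNotPaused` or `whenPaused`, this Python check lists externally callable, state-changing functions that have neither modifier. The sample contract and its function names are constructed, and matching on function headers with a regex is a simplifying assumption.

```python
import re

# Constructed sample contract (NOT Lock.sol); all function names are hypothetical.
SAMPLE = '''
contract Vault is Ownable, Pausable {
    function pause() public onlyOwner { _pause(); }
    function unpause() public onlyOwner { _unpause(); }
    function stake(uint256 amount) external whenNotPaused { _stake(amount); }
    function withdraw(uint256 amount)
        external
        nonReentrant
    { _withdraw(amount); }
    function balanceOf(address a) external view returns (uint256) { return b[a]; }
    function _stake(uint256 amount) internal { }
    // function legacy() external { }
}
'''

# Header = text between the argument list and the body "{" (or ";" in interfaces).
FUNC_RE = re.compile(r'\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]')
COMMENT_RE = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)
PAUSE_MODIFIERS = {'whenNotPaused', 'whenPaused'}

def pause_coverage(source):
    """Map each externally callable, state-changing function name to
    True if its header carries a pause modifier, else False."""
    source = COMMENT_RE.sub('', source)  # ignore commented-out code
    report = {}
    for name, _args, header in FUNC_RE.findall(source):
        words = set(re.findall(r'\w+', header))
        if not words & {'public', 'external'}:
            continue  # internal/private: not an entry point
        if words & {'view', 'pure'}:
            continue  # read-only: pausing does not matter
        report[name] = bool(words & PAUSE_MODIFIERS)
    return report

def ungated(source, admin=('pause', 'unpause')):
    """Names of entry points that keep working while the contract is paused."""
    cov = pause_coverage(source)
    return sorted(n for n, gated in cov.items() if not gated and n not in admin)

if __name__ == '__main__':
    for fn in ungated(SAMPLE):
        print('no pause modifier:', fn)
```

A function reported here may still enforce the pause inside its body or through an internal call, so each hit is a pointer for manual review rather than a finding on its own.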