sherlock-admin2
commented
1 month ago The protocol team fixed this issue in the following PRs/commits: https://github.com/Cork-Technology/Depeg-swap/pull/100
Closed sherlock-admin4 closed 2 months ago
sherlock-admin2
commented
1 month ago The protocol team fixed this issue in the following PRs/commits: https://github.com/Cork-Technology/Depeg-swap/pull/100
High Flint Llama
Low/Info
Ineffective PSM Pausing
Summary
The
ModuleCore::updatePoolsStatusfunction is intended to pause or unpause withdrawals and deposits the PSM. However using this function has no effect on repurchase's operation.Root Cause
The issue arises because the pausing mechanism implemented in
updatePoolsStatusis not being validated when user callPsmCore::repurchasehttps://github.com/sherlock-audit/2024-08-cork-protocol/blob/db23bf67e45781b00ee6de5f6f23e621af16bd7e/Depeg-swap/contracts/core/Psm.sol#L34
Impact
When calling the repurchase function, the user receives DS and PA while depositing RA. This process may introduce potential risks in scenarios where pausing functionality is crucial for security or operational reasons.
Mitigation
The recommendation is to revisit the implementation and ensure that the pausing logic is properly integrated into repurchase function.