The Pausable functionalit of SuperPool.sol contract is useless as its not used on contracts functions
Summary
The Pausable functionalit of SuperPool.sol contract is useless as its not used on contracts functions
Vulnerability Detail
SuperPool.sol has inherited openzeppelin's Pausable.sol so that pausable state of contracts can be managed.
contract SuperPool is Ownable, Pausable, ReentrancyGuard, ERC20 {
The contracts has provided togglePause() function to toggle the pause state of SuperPool contract which can only be accessed by contract owner.
/// @notice Toggle pause state of the SuperPool
function togglePause() external onlyOwner {
if (Pausable.paused()) Pausable._unpause();
else Pausable._pause();
}
As per the discussions with Protocol team, they have missed marking few functions pausable so its in issue and deviating from intended design.
As per contest readme, The SuperPool is heavily inspired from and modified from Yearn v3 and Metamorpho vault designs so Yearn V3 has used pausable functionality on functions like deposit and mint functions, etc.
Impact
The inherited Pausable functionality would be useless as togglePause() function wont make any difference on contracts functions access even when the contract is paused as Pausable.sol's whenNotPaused or whenPaused modifiers have not been used on any of the SuperPool contracts functions.
Use the inherited openzeppelin's Pausable.sol functions having whenNotPaused or whenPaused modifiers on SuperPool.sol functions as intended by protocol design as these are missed as per Protocol team.
MohammedRizwan
Medium
The Pausable functionalit of
SuperPool.solcontract is useless as its not used on contracts functionsSummary
The Pausable functionalit of
SuperPool.solcontract is useless as its not used on contracts functionsVulnerability Detail
SuperPool.solhas inherited openzeppelin'sPausable.solso that pausable state of contracts can be managed.The contracts has provided
togglePause()function to toggle the pause state of SuperPool contract which can only be accessed by contract owner.As per the discussions with Protocol team, they have missed marking few functions pausable so its in issue and deviating from intended design.
As per contest readme,
The SuperPool is heavily inspired from and modified from Yearn v3 and Metamorpho vault designsso Yearn V3 has used pausable functionality on functions like deposit and mint functions, etc.Impact
The inherited
Pausablefunctionality would be useless astogglePause()function wont make any difference on contracts functions access even when the contract is paused as Pausable.sol'swhenNotPausedorwhenPausedmodifiers have not been used on any of theSuperPoolcontracts functions.Code Snippet
https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/SuperPool.sol#L25
https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/0b472f4bffdb2c7432a5d21f1636139cc01561a5/protocol-v2/src/SuperPool.sol#L163-L167
Tool used
Manual Review
Recommendation
Use the inherited openzeppelin's Pausable.sol functions having whenNotPaused or whenPaused modifiers on SuperPool.sol functions as intended by protocol design as these are missed as per Protocol team.
Duplicate of #270