The uninviteUser function is missing the whenNotPaused modifier, allowing the function to be called even when the contract is paused.
Root Cause
In EthosProfile.sol the uninviteUser function lacks the whenNotPaused modifier.
Internal pre-conditions
The contract must be in a paused state.
External pre-conditions
None
Attack Path
An attacker or user calls the uninviteUser function while the contract is paused. Despite the paused state, the function executes, potentially leading to unintended changes.
Impact
Allows storage modifications during a paused state.
PoC
None needed
Mitigation
Add whenNotPaused modifier to the uninviteUser function.
Falendar
Medium
Missing
whenNotPausedmodifier inuninviteUserSummary
The
uninviteUserfunction is missing thewhenNotPausedmodifier, allowing the function to be called even when the contract is paused.Root Cause
In
EthosProfile.solthe uninviteUser function lacks thewhenNotPausedmodifier.Internal pre-conditions
The contract must be in a paused state.
External pre-conditions
None
Attack Path
An attacker or user calls the
uninviteUserfunction while the contract is paused. Despite the paused state, the function executes, potentially leading to unintended changes.Impact
Allows storage modifications during a paused state.
PoC
None needed
Mitigation
Add
whenNotPausedmodifier to theuninviteUserfunction.