Skip to content
This repository has been archived by the owner on Sep 15, 2024. It is now read-only.

GiuseppeDeLaZara - Pausable is not implemented #66

Closed
sherlock-admin3 opened this issue Mar 15, 2024 · 2 comments
Closed

GiuseppeDeLaZara - Pausable is not implemented #66

sherlock-admin3 opened this issue Mar 15, 2024 · 2 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Mar 15, 2024
edited
Loading

GiuseppeDeLaZara

medium

Pausable is not implemented

Summary

Several contracts in the Tapioca protocol are extending the Pausable contract but are not implementing the pausing/unpausing functionality. This means that critical functions cannot be paused in case of emergency.

Vulnerability Detail

mTOFT.sol, TOFT.sol, Usdo.sol, AssetToSGLPLeverageExecutor.sol contracts are extending the Pausable contract but are not implementing the pausing/unpausing functionality.

## Pausable.sol

function _pause() internal virtual whenNotPaused {
    _paused = true;
    emit Paused(_msgSender());
}

function _unpause() internal virtual whenPaused {
    _paused = false;
    emit Unpaused(_msgSender());
}

There are numerous functions in the aforementioned contracts that use the whenNotPaused modifier, e.g.

## TOFT.sol

function executeModule(ITOFT.Module _module, bytes memory _data, bool _forwardRevert)
    external
    payable
    whenNotPaused
    returns (bytes memory returnData)
{
    return _executeModule(uint8(_module), _data, _forwardRevert);
}

But pausing can never be activated as the pausing functionality is not implemented.

Impact

Critical functions cannot be paused in case of emergency as the pausing functionality is not implemented.

Code Snippet

Tool used

Manual Review

Recommendation

Recommendation

Include the following function in the contracts to implement the pausing functionality:

function pause(bool pause) external onlyOwner {
    pause ? _pause() : _unpause();
}

Duplicate of #64
@maarcweiss
Copy link
Member

Dup of #64

@sherlock-admin2 sherlock-admin2 added Sponsor Confirmed The sponsor acknowledged this issue is valid Will Fix The sponsor confirmed this issue will be fixed labels Mar 16, 2024
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Mar 20, 2024
@sherlock-admin3
Copy link
Contributor Author

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

refer to 24

@sherlock-admin3 sherlock-admin3 changed the title Rural Amethyst Tapir - Pausable is not implemented GiuseppeDeLaZara - Pausable is not implemented Mar 31, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Mar 31, 2024
@sherlock-admin2 sherlock-admin2 removed the Will Fix The sponsor confirmed this issue will be fixed label Apr 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maarcweiss @sherlock-admin2 @sherlock-admin3