Renzo - 0xBeastBoy's results

A protocol that abstracts all staking complexity from the end-user and enables easy collaboration with EigenLayer node operators and Actively Validated Services (AVSs).

General Information

Platform: Code4rena

Start Date: 30/04/2024

Pot Size: $112,500 USDC

Total HM: 22

Participants: 122

Period: 8 days

Judge: alcueca

Total Solo HM: 1

Id: 372

League: ETH

Renzo

Findings Distribution

Researcher Performance

Rank: 70/122

Findings: 1

Award: $2.70

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

2.6973 USDC - $2.70

Labels

bug
2 (Med Risk)
satisfactory
sufficient quality report
:robot:_06_group
duplicate-569

External Links

Lines of code

https://github.com/code-423n4/2024-04-renzo/blob/519e518f2d8dec9acf6482b84a181e403070d22d/contracts/Withdraw/WithdrawQueue.sol#L139

Vulnerability details

Impact

The WithdrawQueue contract defines pause() and unpause() functions (wrapping the inherited _pause() and _unpause() helpers), but nothing in the contract consumes the pause flag: no function carries a whenNotPaused (or whenPaused) modifier, so toggling the flag changes no behaviour.

Without the whenNotPaused modifier on the state-changing entry points, every function in the contract remains callable while it is paused. This defeats the purpose of the pause switch: the admin has no way to halt withdrawals or claims during an incident, and operations continue to execute against a contract the operators believe to be frozen, which can lead to unintended state changes or unexpected interactions with external systems and users. Concretely, users are still able to withdraw or claim even while the contract is paused.

Proof of Concept

See the following code:

    /**
     * @notice Pause the contract
     * @dev Permissioned call (onlyWithdrawQueueAdmin)
     */
    function pause() external onlyWithdrawQueueAdmin {
        _pause();
    }

    /**
     * @notice Unpause the contract
     * @dev Permissioned call (onlyWithdrawQueueAdmin)
     */
    function unpause() external onlyWithdrawQueueAdmin {
        _unpause();
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Add the whenNotPaused modifier to the user-facing state-changing functions (withdraw and claim) so that they revert while the contract is paused, and add a test that calls pause() and then asserts that both calls revert. As a check during review, any contract that inherits a Pausable base and exposes pause()/unpause() but never applies whenNotPaused or whenPaused to a function should be flagged, since the pause switch is dead code in that case.
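The following is an added example, not Renzo's WithdrawQueue code, showing the unguarded shape the finding describes next to the hardened form. The inline Pausable base is a minimal stand-in for OpenZeppelin's PausableUpgradeable so the file compiles on its own; the onlyWithdrawQueueAdmin modifier name is taken from the finding, while the credit accounting, request struct and the deposit helper are hypothetical simplifications of the real queue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Renzo's WithdrawQueue). The Pausable base below is a
// minimal stand-in for OpenZeppelin's PausableUpgradeable so that the file
// compiles stand-alone; the withdrawal bookkeeping is a hypothetical
// simplification used only to illustrate where whenNotPaused belongs.
abstract contract Pausable {
    bool private _paused;

    event Paused(address account);
    event Unpaused(address account);

    error EnforcedPause();

    // The modifier the finding says is never applied inside WithdrawQueue.
    modifier whenNotPaused() {
        if (_paused) revert EnforcedPause();
        _;
    }

    function paused() public view returns (bool) {
        return _paused;
    }

    function _pause() internal {
        _paused = true;
        emit Paused(msg.sender);
    }

    function _unpause() internal {
        _paused = false;
        emit Unpaused(msg.sender);
    }
}

contract WithdrawQueueExample is Pausable {
    struct WithdrawRequest {
        address assetOut;
        uint256 amount;
        uint256 createdAt;
        bool claimed;
    }

    address public immutable withdrawQueueAdmin;
    uint256 public immutable coolDownPeriod;

    // Hypothetical per-user credit consumed by a withdrawal request.
    mapping(address => uint256) public credit;
    mapping(address => WithdrawRequest[]) public withdrawRequests;

    event WithdrawRequestCreated(address indexed user, uint256 index, address assetOut, uint256 amount);
    event WithdrawRequestClaimed(address indexed user, uint256 index);

    modifier onlyWithdrawQueueAdmin() {
        require(msg.sender == withdrawQueueAdmin, "not withdraw queue admin");
        _;
    }

    constructor(uint256 _coolDownPeriod) {
        withdrawQueueAdmin = msg.sender;
        coolDownPeriod = _coolDownPeriod;
    }

    // Same shape as the functions quoted in the finding.
    function pause() external onlyWithdrawQueueAdmin { _pause(); }
    function unpause() external onlyWithdrawQueueAdmin { _unpause(); }

    // Hypothetical funding helper so the example can be exercised end to end.
    function deposit() external payable { credit[msg.sender] += msg.value; }

    // VULNERABLE shape: no whenNotPaused, so pause() does not stop this path.
    function withdrawUnguarded(uint256 _amount, address _assetOut) external {
        _createRequest(_amount, _assetOut);
    }

    // HARDENED: identical logic, but it reverts with EnforcedPause while paused.
    function withdraw(uint256 _amount, address _assetOut) external whenNotPaused {
        _createRequest(_amount, _assetOut);
    }

    // HARDENED: claims are user-facing state changes too and must honour the pause.
    // Checks-effects-interactions: the request is marked claimed before value leaves.
    function claim(uint256 index) external whenNotPaused {
        WithdrawRequest storage req = withdrawRequests[msg.sender][index];
        require(!req.claimed, "already claimed");
        require(block.timestamp >= req.createdAt + coolDownPeriod, "cooldown not elapsed");
        req.claimed = true;
        emit WithdrawRequestClaimed(msg.sender, index);
        (bool ok, ) = msg.sender.call{value: req.amount}("");
        require(ok, "transfer failed");
    }

    function _createRequest(uint256 _amount, address _assetOut) internal {
        require(_amount > 0 && credit[msg.sender] >= _amount, "insufficient credit");
        credit[msg.sender] -= _amount;
        withdrawRequests[msg.sender].push(WithdrawRequest(_assetOut, _amount, block.timestamp, false));
        emit WithdrawRequestCreated(msg.sender, withdrawRequests[msg.sender].length - 1, _assetOut, _amount);
    }
}
```

To see the difference, deploy the contract, call deposit() with some value, call pause() from the deployer, and then call both withdrawUnguarded() and withdraw() with the same arguments: the first still creates a request, the second reverts with EnforcedPause(). The fix is the single modifier on each user-facing entry point; the pause()/unpause() pair itself needs no change.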

Assessed type

ETH-Transfer

#0 - c4-judge

2024-05-16T10:50:47Z

alcueca marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
