Platform: Code4rena
Start Date: 07/03/2024
Pot Size: $63,000 USDC
Total HM: 20
Participants: 36
Period: 5 days
Judge: cccz
Total Solo HM: 11
Id: 349
League: BLAST
Rank: 35/36
Findings: 1
Award: $15.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ether_sky
Also found by: 0x11singh99, 0xE1, 0xJaeger, Bauchibred, Bigsam, Bozho, Breeje, DarkTower, HChang26, SpicyMeatball, Trust, ZanyBonzy, albahaca, bareli, blutorque, grearlake, hals, hassan-truscova, hihen, oualidpro, pfapostol, ravikiranweb3, slvDev, zhaojie
15.328 USDC - $15.33
The stake() and lock() functions have a modifier whenNotPaused restricting use when the contract is paused. However, the privileged stakeFor() function allows operators to deposit and lock funds (for themselves or others) regardless of the pause state.
stakeFor() is missing the whenNotPaused modifier.
Manual Analysis
Add the missing modifier to the function so that deposit are blocked when contract is paused.
Other
#0 - c4-pre-sort
2024-03-15T12:46:44Z
141345 marked the issue as duplicate of #18
#1 - c4-judge
2024-03-29T16:07:17Z
thereksfour changed the severity to QA (Quality Assurance)
#2 - c4-judge
2024-03-29T16:43:39Z
thereksfour marked the issue as grade-b