Platform: Code4rena
Start Date: 02/06/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 75
Period: 7 days
Judge: Picodes
Total Solo HM: 5
Id: 249
League: ETH
Rank: 35/75
Findings: 1
Award: $102.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
102.2712 USDC - $102.27
The contract `contracts/Auction.sol` even does `import '@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol';` and calls `__Pausable_init();`, but the public functions that control the paused state of the contract have been left undeclared. This means that if there is a problem with the Auction contract, it can never be switched to the paused state the way the `ETHx.sol` contract can.
The contract is being imported here: https://github.com/code-423n4/2023-06-stader/blob/d5f7854fdf70547c6476c00be5d97c85f2c8d064/contracts/Auction.sol#LL11C1-L11C79
The contract is being inherited here: https://github.com/code-423n4/2023-06-stader/blob/d5f7854fdf70547c6476c00be5d97c85f2c8d064/contracts/Auction.sol#LL14C1-L14C121
The contract is being initialized here: https://github.com/code-423n4/2023-06-stader/blob/d5f7854fdf70547c6476c00be5d97c85f2c8d064/contracts/Auction.sol#LL34C9-L35C1
The contract is being used in the following lines: https://github.com/code-423n4/2023-06-stader/blob/d5f7854fdf70547c6476c00be5d97c85f2c8d064/contracts/Auction.sol#L48 https://github.com/code-423n4/2023-06-stader/blob/d5f7854fdf70547c6476c00be5d97c85f2c8d064/contracts/Auction.sol#L62
Manual Audit
The following code snippet, present in the `ETHx.sol` contract, should be added:
This way the usage of the pausable contract is ensured and the Auction would not have any surprises during its usage.
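A sketch of the pattern this recommendation describes, added here as an example; it is not the snippet from `ETHx.sol` and not code from the audited repository. The contract name, `placeBid`, `bidCount`, `PAUSER_ROLE` and the role assignments are assumptions; only the OpenZeppelin 4.x upgradeable calls are real.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

import '@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol';
import '@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol';

// Hypothetical contract for illustration only; not the project's Auction.sol.
contract PausableAuctionSketch is AccessControlUpgradeable, PausableUpgradeable {
    // Assumed role name; the real project may gate pausing differently.
    bytes32 public constant PAUSER_ROLE = keccak256('PAUSER_ROLE');

    // Stand-in state so the guarded function has an observable effect.
    uint256 public bidCount;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers();
    }

    function initialize(address admin) external initializer {
        require(admin != address(0), 'zero admin');
        __AccessControl_init();
        __Pausable_init(); // sets paused = false; it does not expose any switch
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(PAUSER_ROLE, admin);
    }

    // whenNotPaused only protects this function if something can reach _pause().
    function placeBid(uint256 amount) external whenNotPaused {
        require(amount > 0, 'zero bid');
        bidCount += 1;
    }

    // _pause() and _unpause() are internal in PausableUpgradeable. Without
    // external wrappers like these two, paused() stays false forever and
    // every whenNotPaused modifier in the contract is dead code.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }
}
```

A quick review check for this class of issue: any contract that inherits `PausableUpgradeable` and uses `whenNotPaused` should contain at least one externally reachable call to `_pause()` and one to `_unpause()`, each behind access control.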
Other
#0 - c4-judge
2023-06-10T10:45:14Z
Picodes marked the issue as duplicate of #383
#1 - c4-judge
2023-07-02T09:44:33Z
Picodes marked the issue as satisfactory