Platform: Code4rena
Start Date: 02/06/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 75
Period: 7 days
Judge: Picodes
Total Solo HM: 5
Id: 249
League: ETH
Rank: 33/75
Findings: 1
Award: $102.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
102.2712 USDC - $102.27
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L14
The contract Auction.sol inherits from OpenZeppelin's PausableUpgradeable.sol contract, but the _pause and _unpause functions are not exposed externally. This prevents owner of the contract from calling those functions, in case of emergency, to pause the auction contract.
This gives a false sense of security, because in reality, the auction contract can never be paused.
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L14
As the _pause and _unpause functions are internal, so they can't be invoked to pause or unpause the contract.
Manual review
Make the _pause and _unpause functions external, and protect them using onlyOwner modifier.
Library
#0 - c4-judge
2023-06-10T10:44:39Z
Picodes marked the issue as duplicate of #383
#1 - c4-judge
2023-07-02T09:44:19Z
Picodes marked the issue as satisfactory