`PAXG` can block the user and this can cause the user trouble withdrawing his PAXG collateral.
Summary
If a user is blocked by the PAXG token, they can still convert their other collateral to PAXG using the internal swap function. However, when they attempt to withdraw their token later, a revert will occur.
Vulnerability Details
The PAXG tokens can block users from using their token by using the freeze function in their contract. Here is the link to the contract: PAXG Implementation.sol
If a user is blocked from using PAXG, they can still swap their other supported collateral to PAXG using the SmartVaultV3:swap function. However, if they try to withdraw their PAXG collateral to their address using SmartVaultV3:removeCollateral, a revert will occur because the user is frozen in the PAXG contract.
Although the removeCollateral function allows for a different _to address, if the user is aware that their PAXG deposit has been blocked, they can easily withdraw their PAXG to another address. However, if the user is not aware, they may face difficulties in navigating this situation.
Impact
New vault users who are not aware of this freeze functionality may become confused.
Tools Used
manual review
Recommendations
When performing a swap, check if the outToken has blocking functionality. If a user is already blocked, do not allow the swap to proceed. Instead, revert the transaction with an appropriate error message that can be displayed in the user interface for new users.
Lead Judging Commences
informational/invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.