DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

The `pause / unpause` functionality is not implemented in the contracts of the Fjord protocol, putting user funds at risk in the event of an emergency (attack)

Summary

The pause / unpause functionality is not implemented in the contracts of the Fjord protocol, putting user funds at risk in the event of an emergency (attack).

Vulnerability Details

There are multiple critical contracts in the Fjord protocol, such as FjordStaking, FjordPoints and FjordAuction. If a critical vulnerability is found in these contracts, or if there is an attack on the protocol that puts user funds at risk, the protocol cannot be paused, because no pause / unpause functionality is implemented in any of them.

Impact

Hence all the critical functions of the Fjord protocol, such as stake, unstake, claimRewards, bid, unbid and claimPoints, remain callable even during an emergency such as an attack, which puts user funds in danger. It also makes it difficult for the admins to resolve the issue and protect the protocol, since the protocol stays active with ongoing (live) transactions.

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L368-L391
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordStaking.sol#L616-L657
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L143-L153
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L207-L222
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordPoints.sol#L253-L261

Tools Used

Manual Review and VSCode

Recommendations

It is therefore recommended to implement pause/unpause functionality in the critical contracts of the Fjord protocol. The Fjord contracts can inherit from the OpenZeppelin Pausable.sol contract and guard the critical functions with its `whenNotPaused` modifier.
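An added example (not code from the Fjord repository) of the recommended pattern: a hypothetical, minimal staking contract that inherits OpenZeppelin's Pausable and Ownable, exposes owner-only pause/unpause, and guards stake/unstake with `whenNotPaused`. The contract name, token handling and OpenZeppelin v5 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 import paths (v4 uses security/Pausable.sol).
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Hypothetical minimal staking contract showing the recommended
/// pause/unpause pattern. It is not FjordStaking; all names are illustrative.
contract PausableStakingExample is Pausable, Ownable {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    mapping(address => uint256) public staked;

    constructor(IERC20 token) Ownable(msg.sender) {
        stakingToken = token;
    }

    /// @dev Emergency switch. Only the owner (in practice a multisig or a
    /// dedicated guardian role) can pause; `_pause` reverts if already paused.
    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    /// @dev `whenNotPaused` makes the call revert with `EnforcedPause()` while
    /// the contract is paused, so no new funds enter during an incident.
    function stake(uint256 amount) external whenNotPaused {
        require(amount > 0, "zero amount");
        staked[msg.sender] += amount;
        stakingToken.safeTransferFrom(msg.sender, address(this), amount);
    }

    /// @dev The report asks for exits to be pausable as well. Guarding unstake
    /// also locks honest users in during an incident, so this is a deliberate
    /// design trade-off rather than a default.
    function unstake(uint256 amount) external whenNotPaused {
        require(staked[msg.sender] >= amount, "insufficient stake");
        staked[msg.sender] -= amount;
        stakingToken.safeTransfer(msg.sender, amount);
    }
}
```

Which functions receive the modifier (entries only, or exits too) is a protocol decision, and the pause authority should be a restricted role rather than a single EOA.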

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
