Pausing Contracts Has No Effect
Summary
The _paused flag is not respected.
Vulnerability Details
Multiple core contracts in scope inherit from Rescuable, which implements the Pausable interface.
Although the contracts correctly expose pausing capability to an administrator via a call to setPauseStatus(bool), the status of the flag is never queried to implement safeguard access to critical functionality.
Impact
It is impossible to pause the contracts in the case of an active exploit or upgrade.
Tools Used
Manual Review
Recommendations
Apply the whenNotPaused modifier to critical flows.
Lead Judging Commences
[invalid] finding-Rescuable-pause-no-effect
I believe this is informational and non-acceptable severity because: - A single pause on withdraw to be sufficient to pause the markets during times of emergencies, given that is the only function where collateral/point tokens/native ETH can be pulled from market transactions. - Every tadle market place can be switched offline by the admin via [`updateMarketPlaceStatus`](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L160-L171) and is checked in market actions via [`checkMarketPlaceStatus`](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/libraries/MarketPlaceLibraries.sol#L54-L67) to be online. This prevents many major market actions including the creation, listing and settlement of offers.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.