Liquid Staking

Summary

The PriorityPool contract currently includes a pause mechanism via the pauseForUpdate function, which temporarily halts critical operations like deposits and withdrawals during important updates, such as Merkle tree recalculations. However, the contract lacks an explicit unpause function. The only way to unpause the contract is indirectly, through the updateDistribution function, which unpauses after a distribution update is completed. This design limits the flexibility of contract management, as it prevents developers or administrators from manually resuming contract operations when necessary. Implementing an explicit unpause function would allow for greater control, better error handling, and improved operational resilience

Vulnerability Details

pauseForUpdate()

This function allows the distribution oracle to pause contract operations during sensitive updates, such as recalculating token distribution. However, it lacks a corresponding manual unpause option.

updateDistribution()

This function unpauses the contract, but it is tied specifically to distribution updates. If an administrator wants to unpause the contract for any other reason, this function cannot be used.

The pauseForUpdate function is designed to pause critical operations (e.g., deposits, withdrawals, and unqueuing) during contract updates. However, if the update is incorrect or needs to be aborted, there is no manual way to unpause the contract. This forces the administrator to either complete the update (via updateDistribution) or leave the contract paused until the update is fixed.

Without an explicit unpause function:

• No Flexibility in Pausing/Unpausing: Developers and administrators are limited in their ability to control when the contract should resume normal operations.

• Error Recovery: If a mistake is made during the pause period (e.g., incorrect data or calculation errors), the contract remains paused until the updateDistribution function is called, potentially creating unnecessary downtime.

• Operational Bottlenecks: If the contract is paused for an extended period due to a pending update, it could disrupt operations and prevent users from accessing their tokens, depositing new funds, or withdrawing staked assets.

Example Scenario

• The distribution oracle calls pauseForUpdate() to pause the contract during a token distribution update.

• The developer realizes that the update process contains an error, or an external dependency (e.g., a Merkle tree recalculation) fails.

• The contract remains paused, and there is no way to manually unpause it without finishing the updateDistribution process.

• This leads to operational delays, and users are unable to deposit or withdraw tokens until the issue is resolved and the contract unpauses.

Impact

The lack of an explicit unpause function could result in extended downtimes, preventing users from interacting with the contract. Operations like deposits, withdrawals, or unqueuing of tokens would be blocked until the contract is manually unpaused by finishing the update process.

Without the ability to unpause the contract manually, administrators are forced to complete updates (even if errors occur) to restore contract functionality. This limits the ability to safely revert or fix an update before resuming operations, potentially leading to incomplete or incorrect data being pushed through the system.

Developers and administrators are unable to adjust the contract’s paused state according to their needs. If a situation arises where the update must be paused temporarily and then aborted or delayed, there is no way to unpause the contract to handle such situations manually.

Tools Used

Manual Review

Recommendations

An unpause function should be added to the contract, allowing the contract distribution oracle or an authorized party to resume normal operations at any time manually. This would provide more flexibility and control over the contract’s paused state, especially in scenarios where updates need to be rolled back or manually adjusted.