Missing Pause & Unpause Mecchanism in Zaro's Protocol
Summary
The Zaros Perpetuals DEX lacks a pause and unpause mechanism, which is crucial security feature for any DEFi protocol. This absence exposes the protocol to significant risks in case of an emergency, exploit , or unexpected market event.
Vulnerability Details
A pause mechanism allows the protocol's admin (or governance) to halt trading, deposits, liquidations, and other critical functions in case of
A major security exploit: (e.g., an oracle manipulation attack or smart contract vulnerability).
Sequencer downtime which is taking longer
A chainlink failure or sequencer downtime on Arbitrum, preventing inaccurate prices incorrect liquidation and unfair liquidations
Impact
Smart Contract exploit
Oracle manipulation attacks
Liquidity drain risks
Unexpected market crashes
Tools Used
Manual Review
Recommendations
Zaros developers should immediately implement a pause function in both:
The perpetuals Trading Engine
The Market Making Engine
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.