Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

StabilityPool#depositRAACFromPool() can be called when contract is paused

newspacexyz

Summary

The StabilityPool#depositRAACFromPool() allows RAAC tokens to be deposited from the liquidity pool. However, this function is missing the whenNotPaused modifier, meaning it can still be executed even when the contract is paused.

Vulnerability Details

The function lacks the whenNotPaused modifier, meaning it can still be called even when the contract is paused.

This bypasses the intended security mechanism of pause() and could lead to unexpected behavior when the protocol is under maintenance or emergency conditions.

@> function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {
...
}

Impact

The function still allows liquidity transfers while all other key functionalities are paused.

Tools Used

manual

Recommendations

Add the whenNotPaused modifier

- function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {
+ function depositRAACFromPool(uint256 amount) external onlyLiquidityPool whenNotPaused validAmount(amount) {
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.