Submission Details
Severity:
Gauge staking and withdrawal cannot be paused
Summary
Gauge staking and withdrawal cannot be paused.
Vulnerability Details
As per BaseGauge.md, emergency pause should stops all operations.
Emergency pause stops all operations
However, whenNotPaused modifier is not applied to stake() or withdraw(), this means user can still stake/withdraw even when the contract is in emergency pause state.
function stake(uint256 amount) external nonReentrant updateReward(msg.sender) {
function withdraw(uint256 amount) external nonReentrant updateReward(msg.sender) {
Impact
Gauge staking and withdraw cannot be paused.
Tools Used
Manual Review
Recommendations
Add whenNotPause modifier to stake() and withdraw().
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge::withdraw, stake, and checkpoint functions lack whenNotPaused modifier, allowing critical state changes even during emergency pause
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
BaseGauge::withdraw, stake, and checkpoint functions lack whenNotPaused modifier, allowing critical state changes even during emergency pause
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.