Summary

The emergencyShutdown function effectively pauses the contract and sets the emissionRate to zero, preventing further emissions. However, there is no built-in restart mechanism. Although unpause can resume contract operations, the emissionRate remains at zero, requiring a manual call to updateEmissionRate to restore functionality.

Vulnerability Details

• The emergencyShutdown function calls _pause(), halting operations.

• It sets emissionRate = 0, effectively disabling emissions.

• The contract lacks an explicit function to revert the shutdown state.

• After unpausing, the contract remains inoperable unless updateEmissionRate is manually invoked.

• This introduces an operational risk where an admin may forget to restore the emission rate after unpausing, causing unintended downtime.

Impact

• Once emergencyShutdown is called, contract functionality remains partially disabled even after unpausing.

• Requires an additional manual transaction (updateEmissionRate) to restore emissions, increasing operational complexity and potential for human error.

• Users may experience prolonged service disruptions if the emission rate is not promptly restored.

Tools Used

• Manual code review

Recommendations

• Introduce a restart function that unpauses the contract and restores the emission rate in a single transaction.

• Modify emergencyShutdown to store the last emission rate and provide a mechanism to reinstate it after unpausing.

• Add an event log to track when updateEmissionRate is called post-unpause for better monitoring.