Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

StabilityPool::depositRAACFromPool can be utilized when the StabilityPool is paused but it shouldnt

0xw3

Summary

StabilityPool implements a pause functionality as an emergency mechanism
So, when pause mode is enabled functions in StabilityPool cannot be used.
However lack of modifier in depositRAACFromPool allows to use it even when contract is paused

Vulnerability Details

Pause functionality disables the usage of functions that has whenNotPaused modifier, such as deposit:

function deposit(uint256 amount) external nonReentrant whenNotPaused validAmount(amount) {

However depositRAACFromPool doesnt utilize this modifier, making it available even when StabilityPool is in pause mode

function depositRAACFromPool(uint256 amount) external onlyLiquidityPool validAmount(amount) {

So if contract is paused in emergency, balance changes still can be made using depositRAACFromPool, making pause emergency mode pointless

To show the described issue, save the following code in test/unit/core/pools/StabilityPool/StabilityPool.test.js under "Emergency Functions" section

it("It doesnt pause depositRAACFromPool even when stabilityPool is paused", async function () {

await stabilityPool.pause();

await expect(

stabilityPool.connect(user1).deposit(ethers.parseEther("100"))

).to.be.revertedWithCustomError(stabilityPool, "EnforcedPause");

await expect(

stabilityPool.connect(user1).withdraw(ethers.parseEther("100"))

).to.be.revertedWithCustomError(stabilityPool, "EnforcedPause");

await expect(

stabilityPool.liquidateBorrower(user1.address)

).to.be.revertedWithCustomError(stabilityPool, "EnforcedPause");

// mint raacTokens for user3

var n_tokens = 1000;

await raacToken.setMinter(user1.address);

await raacToken.connect(user1).mint(user3.address, n_tokens);

// approve tokens from user3 to stabilityPool

await raacToken.connect(user3).approve(await stabilityPool.target,n_tokens)

// set user3 as stabilityPool's liquidity pool

await stabilityPool.setLiquidityPool(user3.address);

// deposit from liquidity pool even when stabilityPool is emergency paused

await stabilityPool.connect(user3).depositRAACFromPool(n_tokens);

});

Start node and execute test with

reset; npx hardhat test test/unit/core/pools/StabilityPool/StabilityPool.test.js --network localhost

Observe call to depositRAACFromPool doesnt revert even in pause mode, and StabilityPool balance changes are performed

Impact

Lack of usage of whenNotPaused modifier on depositRAACFromPool allows to perform balance changes in StabilityPool even in paused mode breaking invariants and making emergency pause mode ineffective

Tools Used

Manual Review

Recommendations

Implement whenNotPaused modifier in StabilityPool::depositRAACFromPool function

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!