Standard protocol architecture utilizing OpenZeppelin's Pausable typically gates both inflows (deposits/stakes) and outflows (withdrawals/claims) to completely freeze contract state in the event of an emergency.
In ConfidencePool, the whenPoolNotPaused modifier is exclusively applied to stake and contributeBonus (as well as flagOutcome). Outflow functions like withdraw, claimExpired, claimSurvived, and claimCorrupted are missing the modifier, meaning users can continue withdrawing funds even if the sponsor specifically attempts to "pause" the pool.
The sponsor or DAO identifies a potential logic flaw during active deployment.
The sponsor triggers the pause() function expecting a complete freeze of all token movement to prevent exploitation.
The pause mechanism does not halt outflows, leaving the pool partially exposed.
While explicitly designed this way (to guarantee user access to liquidity and prevent the sponsor from trapping funds), the discrepancy from standard OpenZeppelin patterns creates a UX friction for admins relying on traditional pause security.
Create a new test file test/unit/POCTest.t.sol inheriting from BaseConfidencePoolTest, paste the following code inside the contract body, and run it using the command forge test --match-test test_POC_PausableDoesNotBlockOutflows -vvv.
While intentionally designed to fail-safe and allow user liquidity withdrawals even during an emergency, the deviation from standard Pausable behavior should be explicitly documented via NatSpec on the pause() function. This prevents sponsors from falsely assuming they can freeze malicious outflows.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.
The contest is complete and the rewards are being distributed.