Odd Orchid Capybara
Medium
A missing whenNotPaused
modifier will cause unauthorized operations during contract pause for the protocol as the increaseVouch
function can be called when the contract is paused
the increaseVouch
function does not have the whenNotPaused
modifier, allowing it to be called even when the contract is paused.
[Admin needs to call] pause to set paused to be true.
None
- Admin calls pause to pause the contract.
- Voucher actor calls increaseVouch to increase the staked amount, bypassing the pause state.
No response
describe('increaseVouch', () => {
it('should fail if contract is paused', async () => {
const { ethosVouch, OWNER, VOUCHER_0, PROFILE_CREATOR_0, ethosProfile } = await loadFixture(deployFixture);
// create a profile
await ethosProfile.connect(OWNER).inviteAddress(VOUCHER_0.address);
await ethosProfile.connect(OWNER).inviteAddress(PROFILE_CREATOR_0.address);
await ethosProfile.connect(VOUCHER_0).createProfile(1);
await ethosProfile.connect(PROFILE_CREATOR_0).createProfile(1);
// vouch
await ethosVouch.connect(VOUCHER_0).vouchByProfileId(3, DEFAULT_COMMENT, DEFAULT_METADATA, {
value: ethers.parseEther('0.01'),
});
// pause the contract
await ethosVouch.connect(OWNER).pause();
// try to increase vouch
await expect(
ethosVouch.connect(VOUCHER_0).increaseVouch(0, { value: ethers.parseEther('0.01') })
).to.be.revertedWith('Pausable: paused');
});
});
No response