Furry Hickory Gazelle
Medium
The increaseVouch function in the Ethos contract
allows users to add funds (vouchers) to a specified profile. While the contract implements a mechanism to lock activities using a pausable state, this specific function does not include a check for whether the contract is paused. Consequently, users can bypass the lock mechanism and continue interacting with the contract even when it is explicitly paused for maintenance or to prevent malicious activity.
This omission undermines the intended purpose of the pausable mechanism, which is to halt all activity during critical periods, such as upgrades, emergency scenarios, or vulnerability patching.
No response
No response
No response
No response
Users can send funds into the contract despite it being in a paused state, potentially exposing those funds to risks during a critical event (e.g., an exploit or protocol freeze).
No response
function increaseVouch(uint256 vouchId) public payable nonReentrant whenNotPaused {
// Function logic remains the same
}