
Calm Fiery Llama

Medium

Fee Management functions in EthosVouch can be called when the contract is paused.

Summary

A missing modifier in every Fee Management function allows every type of FeeBasisPoint to be changed while the contract is paused.

Root Cause

Every Fee Management function can be called when the contract is paused.

Internal pre-conditions

None.

External pre-conditions

None.

Attack Path

  1. A Voucher wants to call EthosVouch::vouchByAddress(), EthosVouch::vouchByProfileId() or EthosVouch::unvouch() to vouch for a profile or to unvouch, because they accept the current fee conditions.
  2. The contract is paused.
  3. While the contract is paused, the current FeeBasisPoints can still be changed.
  4. When the contract is unpaused, the fee conditions are different, and the user can no longer vouch or unvouch under the conditions they originally saw.

Impact

Users might not be able to vouch under the conditions they originally wanted. Additionally, users may have to pay a higher exit fee: they cannot unvouch while the contract is paused, yet exitFeeBasisPoints can still be increased during the pause.

PoC

No response

Mitigation

Add the whenNotPaused modifier to every Fee Management function in EthosVouch.sol, as is already done in ReputationMarket.sol.
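The following is an added illustration of the attack path and the mitigation above; it is not EthosVouch code and none of its names (PausableFeeExample, setExitFeeBasisPointsUnguarded, MAX_EXIT_FEE_BPS, the test contract) appear in the audited project. It assumes OpenZeppelin Contracts v5 import paths and forge-std for the Foundry test. The unguarded setter reproduces the finding (the exit fee can be raised while users are locked out of unvouch), and the guarded setter applies the mitigation by sharing the whenNotPaused gate with the user-facing functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not EthosVouch code. Import paths assume OpenZeppelin Contracts v5
// and forge-std (Foundry) for the test contract at the bottom.
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

/// @notice Minimal vouch-style vault: deposits are refunded on exit minus exitFeeBasisPoints.
contract PausableFeeExample is Pausable, Ownable {
    uint256 public constant BASIS_POINTS = 10_000;
    uint256 public constant MAX_EXIT_FEE_BPS = 1_000; // hypothetical 10% cap

    uint256 public exitFeeBasisPoints;
    mapping(address => uint256) public deposits;

    event ExitFeeUpdated(uint256 oldBps, uint256 newBps);

    error FeeTooHigh(uint256 bps);

    constructor(address initialOwner) Ownable(initialOwner) {}

    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    // --- user-facing functions: gated by whenNotPaused, as vouch/unvouch are in the finding ---

    function vouch() external payable whenNotPaused {
        deposits[msg.sender] += msg.value;
    }

    function unvouch() external whenNotPaused {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        uint256 fee = (amount * exitFeeBasisPoints) / BASIS_POINTS;
        (bool ok, ) = msg.sender.call{value: amount - fee}("");
        require(ok, "refund failed");
    }

    // --- fee management ---

    // VULNERABLE pattern (what the finding describes): only access-controlled, so the
    // exit fee can be raised while users are unable to call unvouch().
    function setExitFeeBasisPointsUnguarded(uint256 newBps) external onlyOwner {
        _setExitFee(newBps);
    }

    // HARDENED pattern (the mitigation): the setter shares the pause gate with the
    // user-facing functions, so fee terms cannot change while users are locked out.
    function setExitFeeBasisPoints(uint256 newBps) external onlyOwner whenNotPaused {
        _setExitFee(newBps);
    }

    function _setExitFee(uint256 newBps) internal {
        if (newBps > MAX_EXIT_FEE_BPS) revert FeeTooHigh(newBps);
        emit ExitFeeUpdated(exitFeeBasisPoints, newBps);
        exitFeeBasisPoints = newBps;
    }
}

/// @notice Foundry test contrasting the two setters while the vault is paused.
contract PausableFeeExampleTest is Test {
    PausableFeeExample vault;
    address user = makeAddr("user"); // constructed test account

    function setUp() public {
        vault = new PausableFeeExample(address(this)); // test contract is the owner
        vm.deal(user, 1 ether);
        vm.prank(user);
        vault.vouch{value: 1 ether}(); // user vouches at a 0 bps exit fee
        vault.pause();
    }

    function testUnguardedSetterChangesFeeDuringPause() public {
        vault.setExitFeeBasisPointsUnguarded(1_000); // succeeds while paused
        assertEq(vault.exitFeeBasisPoints(), 1_000);
        vm.prank(user);
        vm.expectRevert(Pausable.EnforcedPause.selector); // user cannot exit at the old terms
        vault.unvouch();
    }

    function testGuardedSetterRevertsDuringPause() public {
        vm.expectRevert(Pausable.EnforcedPause.selector);
        vault.setExitFeeBasisPoints(1_000);
        assertEq(vault.exitFeeBasisPoints(), 0); // fee terms are frozen for the pause
    }
}
```

Run with `forge test` in a project that has the two dependencies installed. The first test is the finding: the fee moves while the user is locked out, so the terms at unpause differ from the ones the user accepted. The second test is the check a reviewer would want after the fix: a paused contract rejects fee changes with the same EnforcedPause error it returns to users.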