Skip to content

Latest commit

 

History

History
39 lines (26 loc) · 1.06 KB

086.md

File metadata and controls

39 lines (26 loc) · 1.06 KB
Raw

Acidic Raspberry Rook

Medium

ERRC4626 deposit / mint cannot be paused

Description

Contract UsualX is a ERRC4626 vault.

The contract can be paused.

https://github.com/sherlock-audit/2024-10-usual-labs-v1/blob/4fb4a64a479e0b9b8f93934220e891c29d54df33/pegasus/packages/solidity/src/vaults/UsualX.sol#L297

 function depositWithPermit(
        uint256 assets,
        address receiver,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external whenNotPaused nonReentrant returns (uint256 shares) {
        try IERC20Permit(asset()).permit(msg.sender, address(this), assets, deadline, v, r, s) {} // solhint-disable-line no-empty-blocks
            catch {} // solhint-disable-line no-empty-blocks

        return deposit(assets, receiver);
    }

While withdraw and redeem has the whenNotPaused modifier.

the function deposit and mint is missing whenNotPaused,

then depsoit and token transfer can be executed as usual even when the contract is paused.

Recommendation

add whenNotPaused modifier to function mint and redeem