xiaoming90 - Collateral can still be allocated to PartyA when the system is paused by exploiting the new internal transfer function #11
Labels
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
xiaoming90
Medium
Collateral can still be allocated to PartyA when the system is paused by exploiting the new internal transfer function
Summary
Collateral can still be allocated to PartyA when the system is paused by exploiting the new internal transfer function.
Vulnerability Detail
The allocate and depositAndAllocate functions are guarded by the whenNotAccountingPaused modifier to ensure that collateral can only be allocated when the accounting is not paused.
https://github.com/sherlock-audit/2024-06-symmetrical-update-2/blob/main/protocol-core/contracts/facets/Account/AccountFacet.sol#L48
However, malicious users can bypass this restriction by exploiting the newly implemented AccountFacet.internalTransfer function. When the global pause (globalPaused) and accounting pause (accountingPaused) are enabled, malicious users can use the AccountFacet.internalTransfer function, which is not guarded by the whenNotAccountingPaused modifier, to continue allocating collateral to their accounts, effectively bypassing the pause.
https://github.com/sherlock-audit/2024-06-symmetrical-update-2/blob/main/protocol-core/contracts/facets/Account/AccountFacet.sol#L79
Impact
When the global pause (globalPaused) and accounting pause (accountingPaused) are enabled, this might indicate that:
globalPaused) and accounting pause (accountingPaused) have been activated to stop the attack. However, it does not work as intended, and the hackers can continue to exploit the system by leveraging the new internal transfer function to work around the restriction.
In both scenarios, this could lead to a loss of assets.
Code Snippet
https://github.com/sherlock-audit/2024-06-symmetrical-update-2/blob/main/protocol-core/contracts/facets/Account/AccountFacet.sol#L79
Tool used
Manual Review
Recommendation
Add the whenNotAccountingPaused modifier to the internalTransfer function.
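A check that follows from this recommendation, as an added example (not part of the original report or the project's code): a Python heuristic that lists externally callable, state-changing functions in a Solidity source whose header lacks the whenNotAccountingPaused modifier. The Solidity sample is constructed; only the function and modifier names come from the report, and the signatures and empty bodies are assumptions.

```python
import re

# Constructed sample: only the function and modifier names come from the
# report; signatures and empty bodies are assumptions for illustration.
SAMPLE = """
contract AccountFacet {
    function allocate(uint256 amount) external whenNotAccountingPaused {}

    function depositAndAllocate(uint256 amount)
        external
        whenNotAccountingPaused
    {}

    // whenNotAccountingPaused is absent from the header below
    function internalTransfer(address user, uint256 amount) external {}

    function balanceOf(address user) external view returns (uint256) {}
}
"""

# Function header: name, parameter list, then everything up to '{' or ';'.
HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]", re.S)


def strip_comments(src):
    """Drop block and line comments so a commented-out modifier does not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def unguarded(src, required="whenNotAccountingPaused"):
    """Names of external/public, non-view functions whose header lacks `required`."""
    missing = []
    for name, _params, tail in HEADER.findall(strip_comments(src)):
        words = set(re.findall(r"\w+", tail))
        if not words & {"external", "public"}:
            continue  # internal/private: not directly callable by users
        if words & {"view", "pure"}:
            continue  # read-only: cannot move collateral
        if required not in words:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print(unguarded(SAMPLE))
```

The check is textual: it reads function headers only and does not resolve modifiers applied through inheritance or checks made inside the function body.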