Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
53 lines (33 loc) · 1.34 KB

005.md

File metadata and controls

53 lines (33 loc) · 1.34 KB
Raw

ctf_sec

medium

MarketCore#_mint should check if the market is not deprecated

Summary

MarketCore#_mint should check if the market is not deprecated

Vulnerability Detail

https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L246-L257

MarketCore#_mint should check if the market is not deprecated before the minting, as the comment suggested.

  /// @dev We have to check market not deprecated after system state update because that is the function that determines whether the market should be deprecated.

note the function redeem made the check using checkMarketNotDeprecated modifier

  function _redeem(
    uint112 amount,
    address user,
    PoolType poolType,
    uint256 poolTier
  ) internal checkMarketNotDeprecated {

Impact

User's may mint position even after the market is deprecated.

Code Snippet

https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L246-L257

Tool used

Manual Review

Recommendation

I am aware that when the market is marked as deprecated, and mint would revert,

    marketDeprecated = true;
    mintingPaused = true;

but by just looking at the code, checkMarketNotDeprecated modifier is still needed in case the admin accidentally unpause the pool.