CipherHawk - Pauser cannot halt contract operations during emergencies

[sherlock-admin4]

CipherHawk

High

Pauser cannot halt contract operations during emergencies

Summary

The Stablecoin.sol contract does not implement an emergency stop (circuit breaker) mechanism. This will prevent administrators from halting critical functionalities in case of a discovered vulnerability or unforeseen issue, allowing potential exploits to persist and cause damage.

Root Cause: In Stablecoin.sol, while the contract includes role-based access controls, it lacks integration with OpenZeppelin's Pausable contract or a similar emergency stop mechanism to allow pausing of sensitive functions.

https://github.com/sherlock-audit/2024-11-telcoin/blob/main/telcoin-audit/contracts/stablecoin/Stablecoin.sol#L19
Internal pre-conditions:

1. A vulnerability is discovered post-deployment.

2. The contract's critical functions are under attack or behaving unexpectedly.

External pre-conditions:

1. An admin needs to activate the emergency stop.

2. The contract's state is in a compromised or unstable condition.

Attack Path:

1. A vulnerability is exploited, allowing unauthorized actions like minting or transferring tokens.

2. Without an emergency stop, administrators cannot halt operations to prevent further exploitation.

3. The attacker continues exploiting the vulnerability, leading to significant financial losses.

Impact:

Unmitigated Exploits: Vulnerabilities can be exploited continuously without administrative intervention.

Financial Losses: Ongoing attacks can drain funds, manipulate token supply, or disrupt the contract's intended functionalities.

Loss of User Trust: Inability to respond to emergencies can erode user confidence and deter participation in the ecosystem.

Mitigation:

Implement Pausable Mechanism: Integrate OpenZeppelin's PausableUpgradeable into the contract, allowing authorized roles to pause and unpause critical functions during emergencies.

import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";

contract Stablecoin is ERC20PermitUpgradeable, Blacklist, PausableUpgradeable {
// Initialize Pausable in the initializer
function initialize(...) external initializer {
...
__Pausable_init();
}

// Add `whenNotPaused` and `whenPaused` modifiers to sensitive functions
function transfer(...) public whenNotPaused returns (bool) {
    ...
}

// Define pause and unpause functions
function pause() external onlyRole(PAUSER_ROLE) {
    _pause();
}

function unpause() external onlyRole(PAUSER_ROLE) {
    _unpause();
}

}

Define Clear Protocols: Establish and document procedures for activating and deactivating the emergency stop, ensuring rapid response to critical issues.

Regular Drills: Conduct simulated emergency scenarios to ensure that the pause mechanism functions correctly and that administrators are prepared to act swiftly.

Root Cause

.

Internal pre-conditions

.

External pre-conditions

.

Attack Path

.

Impact

.

PoC

No response

Mitigation

No response