QA Report #6

Closed
c4-bot-4 opened this issue Oct 25, 2024 · 4 comments
Labels
bug Something isn't working grade-c insufficient quality report This report is not of sufficient quality QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-4

See the markdown file with the details of this report here.

@c4-bot-4 c4-bot-4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Oct 25, 2024
c4-bot-3 added a commit that referenced this issue Oct 25, 2024
c4-bot-8 added a commit that referenced this issue Oct 25, 2024
@ElliotFriedman

You can't lift the pause by updating the pause duration because you can't execute or propose transactions while the contract is paused.

Once paused, the only way to unpause is to wait it out and let the contract unpause.

@howlbot-integration howlbot-integration bot added the insufficient quality report This report is not of sufficient quality label Oct 27, 2024
@c4-judge c4-judge added grade-c unsatisfactory does not satisfy C4 submission criteria; not eligible for awards labels Nov 4, 2024
@c4-judge

c4-judge commented Nov 4, 2024

GalloDaSballo marked the issue as grade-c

@gesha17

gesha17 commented Nov 5, 2024

Hello @GalloDaSballo,

The sponsor's comment is a valid one:

> You can't lift the pause by updating the pause duration because you can't execute or propose transactions while the contract is paused.
>
> Once paused, the only way to unpause is to wait it out and let the contract unpause.

That was a logical mistake on my part, I don't know why I wrote that, must have been tired. But the rest of the submission is valid. There will be a duration that the protocol will remain without the protection of the pauser guardian.

Especially considering the recent sophisticated attack on Radiant, which involved using malware on the victims' computers to compromise the signer keys, this should be a valid concern. The report 137 from the validation repo should be duped with this one.

@GalloDaSballo

The pause guarantees that a "circuit break" happens
This is a one-off event and must be acted upon
Per the EDGECASES document we know that based on the trust on spells vs guardian, config could be set differently

I believe this shows a scenario in which the owners incorrectly interact with the protocol as they should use the pause as a means to take other actions
