rvierdiiev
medium
Because BufferBinaryOptions.createFromRouter is not checking for pause it's still possible to create new option after BufferBinaryOptions contract was paused.
Function BufferBinaryOptions.toggleCreation is created for pausing/unpausing contract. When contract is paused that means that no new options should be created. In BufferBinaryOptions.runInitialChecks there is check if contract is paused. If it is, then you can't initiateTrade. https://github.com/sherlock-audit/2022-11-buffer/blob/main/contracts/contracts/core/BufferBinaryOptions.sol#L275-L285
function runInitialChecks(
uint256 slippage,
uint256 period,
uint256 totalFee
) external view override {
require(!isPaused, "O33");
require(slippage <= 5e2, "O34"); // 5% is the max slippage a user can use
require(period >= config.minPeriod(), "O21");
require(period <= config.maxPeriod(), "O25");
require(totalFee >= config.minFee(), "O35");
}BufferBinaryOptions.runInitialChecks is called by BufferRouter.initiateTrade. That means that if BufferBinaryOptions is paused then user can't initiate new trade.
But still there is a chance to create option when BufferBinaryOptions already paused. Consider example. 1.User call BufferRouter.initiateTrade and queues his trade. 2.BufferBinaryOptions is paused. 3.BufferRouter.resolveQueuedTrades is called by keeper. 4.Because no more checks for pausing, option is created.
There is possibility to create option even if BufferBinaryOptions is paused
Provided above
Manual Review
Add pause check also to BufferBinaryOptions.createFromRouter function or to BufferBinaryOptions.isStrikeValid function.