ctf_sec
medium
BufferBinaryPool.sol#provide cannot be paused.
Let the admin pause the inbounding deposit is a standard practice when building a liquidity pool. The admin can pause the binary optional.
/**
* @notice Pauses/Unpauses the option creation
*/
function toggleCreation() public onlyRole(DEFAULT_ADMIN_ROLE) {
isPaused = !isPaused;
emit Pause(isPaused);
}
In BufferPool.sol, user can call provide to supply tokenX and receives BLP token any time
/**
* @notice A provider supplies tokenX to the pool and receives BLP tokens
* @param minMint Minimum amount of tokens that should be received by a provider.
Calling the provide function will require the minimum amount of tokens to be minted.
The actual amount that will be minted could vary but can only be higher (not lower) than the minimum value.
*/
function provide(uint256 tokenXAmount, uint256 minMint)
external
returns (uint256 mint)
{
mint = _provide(tokenXAmount, minMint, msg.sender);
}BufferBinaryPool.sol#provide cannot be paused, user can call it any time to supply tokenX.
The admin is not able to maintain the pool properly, user may not aware that they are not able to withdraw the desired amount of the tokenX after providing liqudity.
function _withdraw(uint256 tokenXAmount, address account)
internal
returns (uint256 burn)
{
require(
tokenXAmount <= availableBalance(),
"Pool: Not enough funds on the pool contract. Please lower the amount."
);
uint256 totalSupply = totalSupply();
uint256 balance = totalTokenXBalance();
uint256 maxUserTokenXWithdrawal = (balanceOf(account) * balance) /
totalSupply;
uint256 tokenXAmountToWithdraw = maxUserTokenXWithdrawal < tokenXAmount
? maxUserTokenXWithdrawal
: tokenXAmount;Manual Review
We recommend the project add whenNotPaused modifier to given the admin power to pause the inbounding deposit of the tokenX in BinaryPool