From ad5b5b3ca01830ad3eca54d42020b2088fe14981 Mon Sep 17 00:00:00 2001
From: AG <121778509+ohmzeus@users.noreply.github.com>
Date: Mon, 4 Sep 2023 21:22:10 -0400
Subject: [PATCH] Fix Issue 01
Summary: emergency_shutdown role is not enough for emergency shutdown.
Issue Link: https://github.com/sherlock-audit/2023-08-cooler-judging/issues/1
Fix Description: Refactor defund() into a permissioned external function and an unpermissioned _defund() internal function. emergencyShutdown() interacts with internal function instead of external function to avoid permissioning issue.
---
 src/Clearinghouse.sol | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/Clearinghouse.sol b/src/Clearinghouse.sol
index 2104b87..4bee821 100644
--- a/src/Clearinghouse.sol
+++ b/src/Clearinghouse.sol
@@ -336,7 +336,14 @@ contract Clearinghouse is Policy, RolesConsumer, CoolerCallback {
 /// @notice Return funds to treasury.
 /// @param token_ to transfer.
 /// @param amount_ to transfer.
- function defund(ERC20 token_, uint256 amount_) public onlyRole("cooler_overseer") {
+ function defund(ERC20 token_, uint256 amount_) external onlyRole("cooler_overseer") {
+ _defund(token_, amount_);
+ }
+
+ /// @notice Return funds to treasury.
+ /// @param token_ to transfer.
+ /// @param amount_ to transfer.
+ function _defund(ERC20 token_, uint256 amount_) internal {
 if (token_ == gOHM) revert OnlyBurnable();
 if (token_ == sdai || token_ == dai) {
 // Since users loans are denominated in DAI, the clearinghouse
@@ -362,11 +369,11 @@ contract Clearinghouse is Policy, RolesConsumer, CoolerCallback {
 // If necessary, defund sDAI.
 uint256 sdaiBalance = sdai.balanceOf(address(this));
- if (sdaiBalance != 0) defund(sdai, sdaiBalance);
+ if (sdaiBalance != 0) _defund(sdai, sdaiBalance);
 // If necessary, defund DAI.
 uint256 daiBalance = dai.balanceOf(address(this));
- if (daiBalance != 0) defund(dai, daiBalance);
+ if (daiBalance != 0) _defund(dai, daiBalance);
 emit Deactivated();
 }
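Review bot: The NatSpec on the new `_defund` is a verbatim copy of the external function's and does not say that it performs no role check, which is the one property a future caller needs to know. I would add `/// @dev Performs no access control; every caller must enforce its own role check.` above `_defund`, so that a later internal call does not silently bypass `cooler_overseer`. The body of `_defund` continues past the end of the hunk, so its transfer logic is not reviewed here.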
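Review bot: Nothing in this commit pins the fixed behaviour: the diffstat lists only src/Clearinghouse.sol, so no test shows the shutdown path succeeding for a caller that holds the shutdown role but not `cooler_overseer`. A regression test for that case with non-zero sDAI and DAI balances, plus one asserting that external `defund` still reverts for a caller without `cooler_overseer`, would keep the two `_defund(...)` calls from being changed back to `defund(...)` later. A short comment at the first call, `// _defund is unpermissioned: authorization comes from this function's own modifier`, would also help. The enclosing function's signature is outside the hunk, so its modifier is presumed from the commit description.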