003.md

Wide Bone Shetland

Medium

withdrawGraduatedMarketFunds and withdrawDonations functions should avoid using the whenNotPaused modifier

Summary

Using the whenNotPaused modifier will cause users to lose access to their funds when the contract is paused, as it prevents the withdrawGraduatedMarketFunds and withdrawDonations functions from being executed. This could leave users unable to withdraw their funds/donations during emergencies or unexpected pauses,

Root Cause

The root cause lies in the use of the whenNotPaused modifier in the withdrawDonations and withdrawGraduatedMarketFunds functions.

"withdrawDonations"

https://github.com/sherlock-audit/2024-12-ethos-update/blob/c3a2b007d0ddfcb476f300f8b766808f0e3e2dfd/ethos/packages/contracts/contracts/ReputationMarket.sol#L651

"withdrawGraduatedMarketFunds"

https://github.com/sherlock-audit/2024-12-ethos-update/blob/c3a2b007d0ddfcb476f300f8b766808f0e3e2dfd/ethos/packages/contracts/contracts/ReputationMarket.sol#L740

Internal Pre-conditions

1. The contract must be paused, either by a malicious or a compromised owner, for the vulnerability path to occur.

2. The withdrawDonations and withdrawGraduatedMarketFunds functions includes the whenNotPaused modifier, preventing withdrawals while the contract is paused.

3. Users need to have funds available in the contract to attempt withdrawal.

4. The paused state must last long enough for users to try to withdraw funds, thereby triggering the blockage (whenNotPaused).

External Pre-conditions

No response

Attack Path

No response

Impact

• The User Loses Access to Funds:

PoC

No response

Mitigation

Provide an emergencyWithdrawFunds and emergencyWithdrawDonations method allowing users to withdraw their funds and donations when the protocol is paused or remove the whenNotPaused modifier from the affected functions. This change should be carefully reviewed and tested to ensure it does not introduce other security risks.