The LRTOracle oracle provides functionality to pause the contract but no restrictions are applied when the contract is in a paused state.
Similar to the other contracts in the protocol, the LRTOracle contract offers pausing functionality:
101: /// @dev Triggers stopped state. Contract must not be paused.
102: function pause() external onlyLRTManager {
103: _pause();
104: }
105:
106: /// @dev Returns to normal state. Contract must be paused
107: function unpause() external onlyLRTAdmin {
108: _unpause();
109: }However, none of the functions in the contract are affected by this pause. There's no difference at all between a paused or non-paused state.
Since this is the main oracle entrypoint, which provides both prices for individual assets and the RSETH token, the missing intention here is to likely block access to these functions when the contract is paused. In an emergency, and in case the contract is paused, consumers of this oracle, internally to the protocol or externally, should be blocked from fetching prices as it may imply there is something wrong with the current data.
Add the whenNotPaused modifier to the functions that provide oracle prices.
- function getAssetPrice(address asset) public view onlySupportedAsset(asset) returns (uint256) {
+ function getAssetPrice(address asset) public view onlySupportedAsset(asset) whenNotPaused returns (uint256) {- function getRSETHPrice() external view returns (uint256 rsETHPrice) {
+ function getRSETHPrice() external view whenNotPaused returns (uint256 rsETHPrice) {