Message: UpdateZRC20PausedStatus
The UpdateZRC20PausedStatus
message handler is used to pause and unpause ZRC-20 token contracts in the zEVM. Policy type 1 admin accounts are able to pause tokens, but unpausing requires a policy type 2 admin account (i.e., a multi-sig).
The code first ensures that the account executing the message has the required permissions. It then iterates through all foreign coins and modifies the pause status of the coin.
The pause status itself is checked in the Fungible module's PostTxProcessing()
hook.
We found an issue that allows the pause status to be bypassed (i.e., an attacker is able to interact freely with a paused ZRC-20 token contract). The finding is detailed here: Finding ref↗.