Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 199/199
Findings: 1
Award: $0.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: decade
Also found by: 0x3b, 0xDACA, 0xWaitress, 0xWeiss, 0xkaju, Arz, Aymen0909, BPZ, EloiManuel, HaCk0, J4de, Jerry0x, Jiamin, John, Juntao, Kek, Lalanda, MiloTruck, Mukund, PNS, RedTiger, Ruhum, Satyam_Sharma, ToonVH, Tricko, Udsen, ak1, anodaram, bin2chen, carrotsmuggler, cccz, circlelooper, deadrxsezzz, giovannidisiena, jasonxiale, joestakey, juancito, karanctf, kenta, kodyvim, ladboy233, lil_eth, lukino, markus_ether, marwen, mrpathfindr, nobody2018, parlayan_yildizlar_takimi, peakbolt, ravikiranweb3, rbserver, rvierdiiev, silviaxyz, volodya, zhuXKET, zzebra83
0.0748 USDC - $0.07
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L313
The loop in the restructureCapTable function is hard-coded to the 0th element of the addressesToWipe array, so it skips burning the tokens of the remaining addresses in the array. The function therefore does not work as expected.
309 function restructureCapTable(address[] calldata helpers, address[] calldata addressesToWipe) public {
310     require(zchf.equity() < MINIMUM_EQUITY);
311     checkQualified(msg.sender, helpers);
312     for (uint256 i = 0; i<addressesToWipe.length; i++){
313         address current = addressesToWipe[0];
314         _burn(current, balanceOf(current));
315     }
316 }
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L313
Here you can see it is hardcoded to the 0th element in the for loop (line 313).
Manual Auditing
313 address current = addressesToWipe[i];
Use i instead of 0 so that tokens are burned from every address in the addressesToWipe array.
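A regression check for the loop described above, added here as an illustration and not taken from the Frankencoin code base or the original submission. `WipeModel`, `WipeRegression`, `mint`, `wipeAsReported`, `wipeFixed` and the sample addresses are hypothetical stand-ins; the equity threshold and `checkQualified` checks are left out so that only the indexing is exercised.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal stand-in for a share ledger (assumption: NOT the project's Equity contract).
contract WipeModel {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
        totalSupply += amount;
    }
    function _burn(address from, uint256 amount) internal {
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }
    // Loop as reported: every iteration reads index 0.
    function wipeAsReported(address[] calldata addressesToWipe) external {
        for (uint256 i = 0; i < addressesToWipe.length; i++) {
            address current = addressesToWipe[0];
            _burn(current, balanceOf[current]);
        }
    }
    // Loop with the recommended fix: index by i.
    function wipeFixed(address[] calldata addressesToWipe) external {
        for (uint256 i = 0; i < addressesToWipe.length; i++) {
            address current = addressesToWipe[i];
            _burn(current, balanceOf[current]);
        }
    }
}

contract WipeRegression {
    // Returns the total supply left after each variant wipes the same three holders.
    function run() external returns (uint256 reported, uint256 fixedLoop) {
        address[] memory list = new address[](3); // constructed sample holders
        list[0] = address(0xA1); list[1] = address(0xA2); list[2] = address(0xA3);
        reported = _supplyAfter(list, false);
        fixedLoop = _supplyAfter(list, true);
        assert(reported == 200); // only list[0] was burned; two holders keep 100 each
        assert(fixedLoop == 0);  // every listed holder was burned
    }
    function _supplyAfter(address[] memory list, bool useFix) internal returns (uint256) {
        WipeModel m = new WipeModel();
        for (uint256 i = 0; i < list.length; i++) m.mint(list[i], 100);
        if (useFix) m.wipeFixed(list); else m.wipeAsReported(list);
        return m.totalSupply();
    }
}
```

Asserting on the remaining total supply, rather than on the balance of the first address alone, is what distinguishes the two loops, since both leave index 0 at zero.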
#0 - c4-pre-sort
2023-04-20T14:16:50Z
0xA5DF marked the issue as duplicate of #941
#1 - c4-judge
2023-05-18T14:24:33Z
hansfriese marked the issue as satisfactory