Frankencoin - DadeKuma's results

Lines of code

https://github.com/Frankencoin-ZCHF/FrankenCoin/blob/main/contracts/Frankencoin.sol#L146-L151

Vulnerability details

Impact

Minters have a huge power in the Frankencoin system, as they can:

• Transfer any amount of Frankencoin from/to anyone, as they have infinite allowance
• Mint any amount of Frankencoin to anyone
• Burn any amount of Frankencoin from anyone

We are supposing that minters are trustworthy, but bugs can (and will) happen even in the major firms in the DeFi space.

If a critical vulnerability leads to loss of access control and/or abuse of minter functions, the system will be permanently compromised, as this minter can't be removed after the application period.

Proof of Concept

It's possible to deny the application of a minter, but not remove it after the period has ended:

function denyMinter(
    address _minter,
    address[] calldata _helpers,
    string calldata _message
) external override {
    if (block.timestamp > minters[_minter]) revert TooLate();
    reserve.checkQualified(msg.sender, _helpers);
    delete minters[_minter];
    emit MinterDenied(_minter, _message);
}

Suppose that a trustworthy third party is allowed to become a minter by the system. Sometime after the application period has ended, one of the following scenarios could happen:

1. A critical vulnerability is found in the minter contract, which could imply loss of access control and/or abuse of minter functions by unauthorized third parties. Frankencoin can't stop this minter in any way, and the system is permanently compromised.
2. A minter contract is an upgradable contract that doesn't have any vulnerabilities, however, it's updated with a new version that has a critical bug, which leads to scenario 1.

Tools Used

Manual review

Recommended Mitigation Steps

Consider adding a way to remove established minters (and their positions) for qualified pool shareholders.