Frankencoin - Josiah's results

A decentralized and fully collateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 12/04/2023

Pot Size: $60,500 USDC

Total HM: 21

Participants: 199

Period: 7 days

Judge: hansfriese

Total Solo HM: 5

Id: 231

League: ETH

Researcher Performance

Rank: 88/199

Findings: 1

Award: $36.76

🌟 Selected for report: 1

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: Josiah

Also found by: 0xDACA, Diana, Emmanuel, Kumpa, Nyx, RaymondFam, Ruhum, __141345__, bin2chen, carlitox477, lil_eth, nobody2018, rbserver

Labels

bug
2 (Med Risk)
primary issue
selected for report
sponsor acknowledged
M-02

Awards

36.7593 USDC - $36.76

External Links

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/MintingHub.sol#L126
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Position.sol#L97-L101

Vulnerability details

Impact

A newly opened position could have its limit fully reduced to zero as soon as the cooldown period has elapsed.

Proof of Concept

As seen in the function below, a newly opened position with 0 Frankencoin minted could have its limit turn 0 if the function parameter, _minimum, is inputted with an amount equal to limit. In this case, reduction is equal to 0, making limit - _minimum = 0 while the cloner is assigned reduction + _minimum = 0 + limit = limit:

Position.sol#L97-L101

function reduceLimitForClone(uint256 _minimum) external noChallenge noCooldown alive onlyHub returns (uint256) {
    uint256 reduction = (limit - minted - _minimum)/2; // this will fail with an underflow if minimum is too high
    limit -= reduction + _minimum;
    return reduction + _minimum;
}

With the limit now fully allocated to the cloner, the original position owner is left with zero limit to mint Frankencoin after spending 1000 Frankencoin to open this position. This situation could readily happen especially when it involves popular position contracts.

It is recommended that the position contract charge fees to cloners. Additionally, a reserve limit should be left untouched, allocated solely to the original owner, to be in line with the context of position opening.
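One way the recommended reserve could look, placed beside the original arithmetic so the difference in the limit accounting is visible. This is an added example, not code from the report or from the Frankencoin repository: the LimitModel contract, ownerReserve and reduceLimitForCloneWithReserve are hypothetical, and the real function's modifiers (noChallenge, noCooldown, alive, onlyHub) are left out so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: models only the limit accounting of a position.
// ownerReserve and reduceLimitForCloneWithReserve are hypothetical names.
contract LimitModel {
    uint256 public limit;   // total amount the position may mint
    uint256 public minted;  // amount already minted by the owner
    uint256 public immutable ownerReserve; // hypothetical: limit clones can never take

    constructor(uint256 _limit, uint256 _ownerReserve) {
        require(_ownerReserve <= _limit, "reserve > limit");
        limit = _limit;
        ownerReserve = _ownerReserve;
    }

    // Same arithmetic as Position.sol#L97-L101. The only bound on _minimum is
    // the checked subtraction, so _minimum may equal the whole unminted limit.
    function reduceLimitForClone(uint256 _minimum) external returns (uint256) {
        uint256 reduction = (limit - minted - _minimum) / 2;
        limit -= reduction + _minimum;
        return reduction + _minimum;
    }

    // Hardened variant: the owner keeps max(minted, ownerReserve) of the limit,
    // and only the remainder is available to clones.
    function reduceLimitForCloneWithReserve(uint256 _minimum) external returns (uint256) {
        uint256 kept = minted > ownerReserve ? minted : ownerReserve;
        uint256 clonable = limit - kept; // limit >= kept holds after every call
        require(_minimum <= clonable, "exceeds clonable limit");
        uint256 reduction = (clonable - _minimum) / 2;
        limit -= reduction + _minimum;
        return reduction + _minimum;
    }
}
```

Because the reduction is halved, limit never drops below kept in the hardened variant, so repeated clones shrink the clonable share without touching the owner's reserve.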

#0 - c4-pre-sort

2023-04-20T09:29:41Z

0xA5DF marked the issue as duplicate of #679

#1 - c4-pre-sort

2023-04-20T09:45:21Z

0xA5DF marked the issue as not a duplicate

#2 - c4-pre-sort

2023-04-20T09:45:32Z

0xA5DF marked the issue as primary issue

#3 - 0xA5DF

2023-04-20T09:47:32Z

Setting this one as primary since it shows how a single clone can reduce the remaining limit to zero

#4 - luziusmeisser

2023-04-29T23:20:02Z

Charging clones a fee payable to the original is an interesting idea!

If the position comes with a high enough fee, this should not be relevant in practice as the limit will not be reached or new positions will be created if there is enough demand.

#5 - c4-sponsor

2023-04-29T23:20:07Z

luziusmeisser marked the issue as sponsor acknowledged

#6 - c4-judge

2023-05-18T05:02:22Z

hansfriese marked the issue as selected for report
