Frankencoin - Juntao's results

A decentralized and fully collateralized stablecoin.

General Information

Platform: Code4rena

Start Date: 12/04/2023

Pot Size: $60,500 USDC

Total HM: 21

Participants: 199

Period: 7 days

Judge: hansfriese

Total Solo HM: 5

Id: 231

League: ETH

Findings Distribution

Researcher Performance

Rank: 189/199

Findings: 1

Award: $0.07

🌟 Selected for report: 0

🚀 Solo Findings: 0

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Equity.sol#L313

Vulnerability details

Impact

Qualified FPS holders are not able to burn the FPS tokens of multiple addresses in a single call when restructuring the system after equity has dropped below 1000 ZCHF; only the first address passed in addressesToWipe is actually wiped.

Proof of Concept

If there is less than 1000 ZCHF in equity left (possibly even a negative amount), the system is at risk and qualified FPS holders should be allowed to restructure it. In Equity.sol, a qualified FPS holder can call restructureCapTable(address[] calldata helpers, address[] calldata addressesToWipe) to burn the FPS tokens of the listed users. However, if multiple addresses are passed in addressesToWipe, the function only burns the first address's FPS balance. The culprit lies in Line 313:

address current = addressesToWipe[0];

Because current is always the first address in the addressesToWipe array, the first iteration burns that address's entire FPS balance, and every subsequent iteration burns the same address again with an amount of 0. The remaining addresses in addressesToWipe are never touched, so the restructuring wipes only one holder no matter how many addresses were provided.

Tools Used

Manual Review

Recommended Mitigation Steps

Change Line 313 to index with the loop counter:

address current = addressesToWipe[i];
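To make the effect of the `[0]` index concrete, here is a plain-Python model of the loop in restructureCapTable, run both as written on line 313 and with the mitigation applied. This is an added example, not the project's Solidity code: the balance book, the `EquityModel` class, the holder names and amounts are constructed for illustration, and the helper-based qualification check of the real contract is replaced by a simple `qualified` flag (an assumption). The 1000 ZCHF threshold follows the finding, expressed in 18-decimal units.

```python
"""Model of the restructureCapTable loop from Frankencoin's Equity.sol.

Constructed example: a plain-Python model of the FPS balance book, not the
project's Solidity code. MINIMUM_EQUITY (1000 ZCHF in 18-decimal units) follows
the finding; the helper-based qualification check is replaced by a `qualified`
flag, which is an assumption made for this example.
"""

ONE_ZCHF = 10 ** 18
MINIMUM_EQUITY = 1000 * ONE_ZCHF


class EquityModel:
    """Minimal FPS balance book with the two loop variants side by side."""

    def __init__(self, balances: dict[str, int], equity: int):
        self.balances = dict(balances)
        self.equity = equity  # ZCHF equity backing the FPS supply

    def balance_of(self, owner: str) -> int:
        return self.balances.get(owner, 0)

    def total_supply(self) -> int:
        return sum(self.balances.values())

    def _burn(self, owner: str, amount: int) -> None:
        # Mirrors an ERC20-style _burn: reverts if the balance is too small,
        # and is a harmless no-op when amount is 0 (the buggy loop relies on this).
        if self.balance_of(owner) < amount:
            raise ValueError("burn amount exceeds balance")
        self.balances[owner] = self.balance_of(owner) - amount

    def _require_restructuring_allowed(self, qualified: bool) -> None:
        # Restructuring is only meant to be possible once equity is below the minimum.
        if self.equity >= MINIMUM_EQUITY:
            raise PermissionError("equity is not below the minimum")
        if not qualified:
            raise PermissionError("caller is not a qualified FPS holder")

    def restructure_cap_table_buggy(self, addresses_to_wipe, qualified=True):
        """As on line 313 of the audited commit: indexes [0] on every iteration."""
        self._require_restructuring_allowed(qualified)
        for _ in range(len(addresses_to_wipe)):
            current = addresses_to_wipe[0]
            self._burn(current, self.balance_of(current))

    def restructure_cap_table_fixed(self, addresses_to_wipe, qualified=True):
        """Recommended mitigation: index with the loop counter."""
        self._require_restructuring_allowed(qualified)
        for i in range(len(addresses_to_wipe)):
            current = addresses_to_wipe[i]
            self._burn(current, self.balance_of(current))


def wipe_and_report(fixed: bool) -> dict[str, int]:
    """Run one restructuring over a constructed cap table; return the balances after it."""
    holders = {"alice": 40 * ONE_ZCHF, "bob": 35 * ONE_ZCHF, "carol": 25 * ONE_ZCHF}
    model = EquityModel(holders, equity=500 * ONE_ZCHF)  # below 1000 ZCHF, so allowed
    targets = ["alice", "bob", "carol"]
    if fixed:
        model.restructure_cap_table_fixed(targets)
    else:
        model.restructure_cap_table_buggy(targets)
    return model.balances


def restructuring_rejected_when_healthy() -> bool:
    """Either variant must refuse to run while equity is still above the minimum."""
    model = EquityModel({"alice": ONE_ZCHF}, equity=2000 * ONE_ZCHF)
    try:
        model.restructure_cap_table_fixed(["alice"])
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("buggy loop leaves:", wipe_and_report(fixed=False))
    print("fixed loop leaves:", wipe_and_report(fixed=True))
    print("rejected while healthy:", restructuring_rejected_when_healthy())
```

With the buggy loop, three iterations run but only alice's balance reaches 0; bob and carol keep their full FPS. With the loop counter used as the index, all three listed balances are wiped, which is the behaviour the restructuring is supposed to deliver.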

#0 - c4-pre-sort

2023-04-20T14:22:23Z

0xA5DF marked the issue as duplicate of #941

#1 - c4-judge

2023-05-18T14:27:31Z

hansfriese marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
