Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 184/199
Findings: 1
Award: $0.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: decade
Also found by: 0x3b, 0xDACA, 0xWaitress, 0xWeiss, 0xkaju, Arz, Aymen0909, BPZ, EloiManuel, HaCk0, J4de, Jerry0x, Jiamin, John, Juntao, Kek, Lalanda, MiloTruck, Mukund, PNS, RedTiger, Ruhum, Satyam_Sharma, ToonVH, Tricko, Udsen, ak1, anodaram, bin2chen, carrotsmuggler, cccz, circlelooper, deadrxsezzz, giovannidisiena, jasonxiale, joestakey, juancito, karanctf, kenta, kodyvim, ladboy233, lil_eth, lukino, markus_ether, marwen, mrpathfindr, nobody2018, parlayan_yildizlar_takimi, peakbolt, ravikiranweb3, rbserver, rvierdiiev, silviaxyz, volodya, zhuXKET, zzebra83
0.0748 USDC - $0.07
addressesToWipe[0] should be addressesToWipe[i]
Thus, _burn() is only called on the first element of the array.
This function would have to be called repeatedly with one element in the addressesToWipe array to burn all desired addresses. However, this function is only while the caller is qualified Equity.sol#L311 by having enough delegate votes. checkQualified() checks the votes of each delegate on Equity.sol#L210. Votes() checks the number of votes based on the number of shares (balance) of each delegate @ Equity.sol#L199 > Equity.sol#L180. Thus, the call order could impact this function and prevent it from working if the caller ends up burning shares of his delegates and can no longer pass the checkQualified() check on successive calls; in this case, the caller may never be able to reach 100% ownership of FPS shares.
Additionally, the function allows the caller to specify which addresses to burn shares from without restriction, which means the trusted person to call this function can effectively burn all the shares of the remaining trusted FPS shareholders + those who delegated votes to this individual. This goes against the commented example where only passive FPS holder's shares should be burned - resulting in a possible loss of shares/funds for active FPS shareholders in the event the delegate is malicious or accidentally enters the wrong address into the addressesToWipe parameter of restructureCapTable(). Perhaps a mechanism to prevent burning of active share holders should be considered?
bug is clear in code + explination above: https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Equity.sol#L313
VS Code
addressesToWipe[0] should be addressesToWipe[i]
Restrict the function to only burn shares of "passive FPS holders" as opposed to the caller having the ability to burn everybodys shares.
#0 - c4-pre-sort
2023-04-20T14:26:48Z
0xA5DF marked the issue as duplicate of #941
#1 - c4-judge
2023-05-18T14:25:28Z
hansfriese marked the issue as satisfactory