Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 142/199
Findings: 1
Award: $22.60
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: juancito
Also found by: 0xAgro, 0xNorman, 0xSmartContract, 0xStalin, 0xTheC0der, 0xWaitress, 0xhacksmithh, 0xnev, 3dgeville, 8olidity, Arz, Aymen0909, BGSecurity, BRONZEDISC, Bauchibred, Bauer, BenRai, ChainHunters, ChrisTina, CodeFoxInc, DedOhWale, DishWasher, EloiManuel, IceBear, Inspex, Jorgect, Kaysoft, LeoGold, LewisBroadhurst, Madalad, MiloTruck, MohammedRizwan, Nyx, Polaris_tow, RaymondFam, SaharDevep, SanketKogekar, Sathish9098, SolidityATL, Udsen, W0RR1O, aria, ayden, berlin-101, bin2chen, catellatech, codeslide, crc32, decade, descharre, evmboi32, eyexploit, fatherOfBlocks, georgits, giovannidisiena, joestakey, karanctf, kodyvim, ltyu, lukris02, m9800, matrix_0wl, mov, mrpathfindr, nadin, niser93, p0wd3r, parlayan_yildizlar_takimi, pavankv, pontifex, qpzm, ravikiranweb3, rbserver, santipu_, shealtielanz, slvDev, tnevler, wonjun, xmxanuel, yixxas
22.6007 USDC - $22.60
Some of the contract layouts in the Frankencoin project are not structured according to the format specified in the Solidity documentation. A contract in the specified format is considered best practice because it enhances code readability; check here for more details. The layout of a contract should follow this order: type declarations, state variables, events, errors, modifiers, functions.
If you look closely at the contracts stated above, their modifiers are placed after all the functions and their error declarations are placed in between the functions. (Some of these were mentioned in the automated findings, but not all of them were referenced, such as the modifier and error declarations stated here.)
The variable Owner declared here shadows the state variable declared in Ownable.sol here, which can be misleading.
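As an added illustration of why such shadowing is misleading (example code, not Frankencoin's own contracts; the contract and parameter names are assumptions), the constructor parameter below carries the same name as the inherited state variable, so the assignment silently becomes a no-op:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not project code: a minimal base contract with a single
// `owner` state variable, standing in for the inherited Ownable.
contract OwnableExample {
    address public owner;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }
}

// Pitfall: the constructor parameter is also named `owner`, so inside the body
// `owner` refers to the parameter, not the inherited state variable. The
// compiler only emits a shadowing warning; the assignment is a self-assignment
// of the parameter and the state variable stays address(0), which makes every
// onlyOwner function permanently unreachable.
contract ShadowedPosition is OwnableExample {
    constructor(address owner) {
        owner = owner; // no-op: state variable never set
    }
}

// Fix: give the parameter a distinct name so the assignment reaches the
// inherited state variable (Solidity offers no Base.stateVar syntax to
// disambiguate, so renaming is the only reliable remedy).
contract FixedPosition is OwnableExample {
    constructor(address _owner) {
        owner = _owner; // assigns the inherited state variable
    }
}
```

Compiling with warnings treated as errors (or reviewing the shadowing warning in the compiler output) catches this class of mistake before deployment.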
This is a warning to the protocol to pay attention to every action happening on the blockchain, especially calls to the function OpenPosition, which is not implemented on the frontend. Although there is a minimum delay of 3 days, a malicious user can deploy a worthless token and use it as collateral; if such a position is not denied within 3 days of its opening, it can lead to arbitrary minting of Frankencoin by the attacker, and nobody will be able to challenge it, since the attacker is the only holder of that collateral. An attacker can also open several positions with a malicious one in between; if the protocol gets carried away without carefully checking every position, the attacker can get away with this.
Proper scanning, checks and security review should be applied to every position opening at every point in time, because a slight mistake can lead to a total loss for the protocol.
#0 - c4-judge
2023-05-16T16:25:17Z
hansfriese marked the issue as grade-b