Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 62/199
Findings: 3
Award: $56.50
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: decade
Also found by: 0x3b, 0xDACA, 0xWaitress, 0xWeiss, 0xkaju, Arz, Aymen0909, BPZ, EloiManuel, HaCk0, J4de, Jerry0x, Jiamin, John, Juntao, Kek, Lalanda, MiloTruck, Mukund, PNS, RedTiger, Ruhum, Satyam_Sharma, ToonVH, Tricko, Udsen, ak1, anodaram, bin2chen, carrotsmuggler, cccz, circlelooper, deadrxsezzz, giovannidisiena, jasonxiale, joestakey, juancito, karanctf, kenta, kodyvim, ladboy233, lil_eth, lukino, markus_ether, marwen, mrpathfindr, nobody2018, parlayan_yildizlar_takimi, peakbolt, ravikiranweb3, rbserver, rvierdiiev, silviaxyz, volodya, zhuXKET, zzebra83
0.0748 USDC - $0.07
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L313
restructureCapTable will always only burn the tokens of the first address in addressesToWipe. Any function that relies on restructureCapTable will malfunction.
When going through the for-loop on #L312-#L315, the current variable always gets the value of addressesToWipe[0], basically only burning its tokens rather than the tokens of all of the addresses in the array.
Manual review
- address current = addressesToWipe[0]; + address current = addressesToWipe[i];
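Review bot: on the + line, addressesToWipe[i] only fixes the burn if i is the counter of the enclosing for-loop, and that loop header is not visible in this one-line change, so please confirm it. Also add a test that passes at least two addresses to restructureCapTable and checks that the tokens of every one of them are burned, since a test with a single address passes with either the old line or the new one.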
#0 - c4-pre-sort
2023-04-20T14:24:42Z
0xA5DF marked the issue as duplicate of #941
#1 - c4-judge
2023-05-18T14:29:15Z
hansfriese marked the issue as satisfactory
🌟 Selected for report: peanuts
Also found by: GreedyGoblin, J4de, KIntern_NA, Kumpa, LegendFenGuin, T1MOH, __141345__, deadrxsezzz, deliriusz, ltyu, m9800, rvierdiiev
33.835 USDC - $33.83
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Position.sol#L263-#L266
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Position.sol#L380-#L383
Position owners may never be able to withdraw any collateral
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Position.sol#L380-#L383
Consider the following scenario:
Alice mints 1000 ZCHF against a collateral worth 1500 ZCHF and sets minCollateral to 1200 ZCHF.
A malicious user might constantly create challenges with challenge collateral == 1300 ZCHF and instantly bid 1300 ZCHF on them. This way he assures that he will never lose any tokens on the challenge and he could make such challenges for an indefinite amount of time.
Since the position owner cannot withdraw any collateral while there are ongoing challenges, his collateral becomes permanently stuck.
Manual review
Add regular timeframes at which position owners cannot be challenged / can withdraw collateral even if challenged.
#0 - c4-pre-sort
2023-04-28T10:53:47Z
0xA5DF marked the issue as duplicate of #745
#1 - c4-judge
2023-05-18T13:47:47Z
hansfriese changed the severity to 2 (Med Risk)
#2 - c4-judge
2023-05-18T13:53:59Z
hansfriese marked the issue as satisfactory