Platform: Code4rena
Start Date: 09/11/2021
Pot Size: $30,000 ETH
Total HM: 6
Participants: 17
Period: 3 days
Judge: pauliax
Total Solo HM: 3
Id: 50
League: ETH
Rank: 5/17
Findings: 3
Award: $908.97
🌟 Selected for report: 1
🚀 Solo Findings: 0
hyh
In current implementation all vesting beneficiaries can increase their vested amounts unlimitedly by calling updateVestedTokens(my_fsd_vesting_address, any_amount_to_be_added_to_vesting).
Beneficiary can then surpass vesting schedule by calling claimVestedTokens https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/token/FSDVesting.sol#L124
It will not imply unlimited mint as only initial amount was minted to vestingAddress during _createVesting: https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/token/FSDVesting.sol#L134 https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/token/FSD.sol#L606
However, vesting schedule can be fully surpassed as when 'block.timestamp >= start.add(CLIFF)' condition be met the beneficiary can withdraw all FSD tokens at once, having added 19 * initial_amount via updateVestedTokens before, so that it now has amount = 20 * minted_amount and 5% available at CLIFF is equal to the whole minted FSD stake.
FSDVesting.updateVestedTokens has no control modifiers: https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/token/FSDVesting.sol#L147
Control modifier should be added to updateVestedTokens function, either onlyFSD or onlyFactory. The latter case requires additional proxy function to be added to FSDVestingFactory as now FSDVesting.updateVestedTokens is called by FSD contract directly.
#0 - YunChe404
2021-11-14T11:31:51Z
#32
#1 - pauliax
2021-11-17T12:08:04Z
A duplicate of #101
hyh
FairSideFormula library f() and g() functions are public, but are called only from outside contracts and can be made external to reduce calling costs.
https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/dependencies/FairSideFormula.sol#L159 https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/dependencies/FairSideFormula.sol#L147
#0 - YunChe404
2021-11-14T11:31:29Z
#8
#1 - pauliax
2021-11-17T10:28:59Z
A duplicate of #88
hyh
As funding pool should be filled with Hatch phase deposits, the phase advance should happen only after it is filled, but when this happen the minting in Beta phase would be frozen by 'fundingPool.balance < 2000 ether' condition. As mintBeta is the only logic for Beta phase the contract will be frozen until phase change.
If there is a setup when Hatch phase advances to Beta before funding pool is filled, mintBeta will work only while it has below 2000 ether, i.e. mintBeta behavior will not be controlled explicitly: anyone can end the Beta phase by sending enough ether directly to funding pool and the contract mint will be frozen until next phase advance.
'fundingPool.balance < 2000 ether' condition for minting in Beta phase can be blocking as funding pool transfers happen only in mintHatch function during Hatch phase, while subsequent phases do not have any funding pool related logic neither in code, nor in documentation. https://github.com/code-423n4/2021-11-fairside/blob/main/contracts/token/FSD.sol#L204 https://fairside-network.gitbook.io/fairside-network/white-paper/augmented-bonding-curve
Remove 'fundingPool.balance < 2000 ether' condition from mintBeta
#0 - pauliax
2021-11-19T12:02:26Z
Based on my understanding, this is a valid low severity issue.