Platform: Code4rena
Start Date: 12/04/2023
Pot Size: $60,500 USDC
Total HM: 21
Participants: 199
Period: 7 days
Judge: hansfriese
Total Solo HM: 5
Id: 231
League: ETH
Rank: 191/199
Findings: 1
Award: $0.07
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: decade
Also found by: 0x3b, 0xDACA, 0xWaitress, 0xWeiss, 0xkaju, Arz, Aymen0909, BPZ, EloiManuel, HaCk0, J4de, Jerry0x, Jiamin, John, Juntao, Kek, Lalanda, MiloTruck, Mukund, PNS, RedTiger, Ruhum, Satyam_Sharma, ToonVH, Tricko, Udsen, ak1, anodaram, bin2chen, carrotsmuggler, cccz, circlelooper, deadrxsezzz, giovannidisiena, jasonxiale, joestakey, juancito, karanctf, kenta, kodyvim, ladboy233, lil_eth, lukino, markus_ether, marwen, mrpathfindr, nobody2018, parlayan_yildizlar_takimi, peakbolt, ravikiranweb3, rbserver, rvierdiiev, silviaxyz, volodya, zhuXKET, zzebra83
0.0748 USDC - $0.07
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L313
The restructureCapTable function in Equity.sol does not properly burn balances for addresses to wipe. This is because the current address variable within the loop is always assigned to the first element in the addressesToWipe list.
Due to this bug, FPS holders who bootstrap the system will not own 100% of all FPS shares.
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L313
function restructureCapTable(address[] calldata helpers, address[] calldata addressesToWipe) public { require(zchf.equity() < MINIMUM_EQUITY); checkQualified(msg.sender, helpers); for (uint256 i = 0; i<addressesToWipe.length; i++){ address current = addressesToWipe[0]; # @audit: should be i instead of 0 _burn(current, balanceOf(current)); } }
address current = addressesToWipe[i];
change the 0 to i instead to fix the problem.
#0 - c4-pre-sort
2023-04-20T14:17:16Z
0xA5DF marked the issue as duplicate of #941
#1 - c4-judge
2023-05-18T14:24:55Z
hansfriese marked the issue as satisfactory