Detailed description of the impact of this finding.
Anyone can suggest an unremovable minter when the total supply is 0.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
As you can see from the code anybody can call with _applicationPeriod = 0, _applicationFee = 0 when totalSupply is 0
Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Frankencoin.sol#L83
Vulnerability details
Impact
Detailed description of the impact of this finding. Anyone can suggest an unremovable minter when the total supply is 0.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. As you can see from the code anybody can call with _applicationPeriod = 0, _applicationFee = 0 when totalSupply is 0
contracts/Frankencoin.sol#L83 This means that created minter will be unremovable due to
block.timestamp > minters[_minter]
contracts/Frankencoin.sol#L152
Tools Used
Manual
Recommended Mitigation Steps
Add minters in constructor, which should be added without fee and less than MIN_APPLICATION_PERIOD