Open code423n4 opened 1 year ago
0xA5DF marked the issue as low quality report
There's no reason for the centralized entity to do so + the impact isn't that significant in that case
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/StablecoinBridge.sol#L51
Vulnerability details
Impact
StablecoinBridge was created to bridge centralized Swiss franc to ZCHF with a 1:1 ratio. This mechanism is really important for the Frankencoin peg regulation; here is the whitepaper explanation:
“While it is generally not possible to exchange Frankencoins directly into collateral residing in the mint plugins, the minters will have to buy back their minted Frankencoins before they can get their collateral back. Here, the minters face a risk of a short squeeze. By minting and selling Frankencoins, they are short ZCHF and might be forced to pay more than one Swiss franc per Frankencoin to unlock their collateral. So while savers face the risk of the Frankencoin falling below the peg, minters face the risk of the Frankencoin departing upwards from the peg.
In the proposed setup, we start with a very simple mechanism to avert the risk of an overvaluation: we provide a bridge plugin that allows holders of other Swiss franc based stablecoins to convert them 1:1 into Frankencoins. As long as such bridge plugins exist, minters can be confident that they do not need to overpay for the unlocking of their collateral. However, while relying on other stablecoins can help in practice, it is not desirable to depend on them.
In the absence of bridge plugins, minters have to trust the contributors to always allow the minting of new Frankencoins at competitive terms, such that a short-squeeze can be averted by simply minting additional Frankencoins and repaying the open position with those. In effect, the system relies on good governance by the contributors at both the supply and demand side. On the supply side, contributors must allow economically sensible mint plugins and disallow irresponsible ones. On the demand side, the contributors must ensure that the risk-adjusted interest rate tracks that of the Swiss franc.” [Frankencoin Whitepaper - page 13]
Proof of Concept
This contract uses a limit variable to limit the number of ZCHF minted with centralized CHF stablecoin. The internal mint function uses the chf.balanceOf(address(this)) function to check if the limit is reached, meaning that if enough centralized CHF stablecoins are manually sent, the StablecoinBridge contract is DOSed:
Once the centralized stablecoins are manually sent to this contract, all these funds will be stuck, meaning that the centralized organization that owns this stablecoin can DOS this contract at no cost. (They will be able to issue tokens without the need for a counterparty because once they are sent to the contract they will be like burnt.)
Recommended Mitigation Steps
Seeing what is happening in the US with decentralized stablecoins, I wouldn't be surprised if one day the Swiss government bans decentralized stablecoins. So I would recommend tracking the value of CHF internally and not relying on balanceOf(address(this)), to make Frankencoin more resilient.
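The mitigation recommended in the report above, sketched as an added example. It is not part of the original report or of the Frankencoin code base. The contract name, the interfaces and the deposited variable are hypothetical, and it assumes the CHF token moves exactly the requested amount on transfer and that the bridge is an authorized minter of ZCHF.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the Frankencoin StablecoinBridge. All names are hypothetical.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IMintableLike {
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
}

contract TrackedBridge {
    IERC20Like public immutable chf;
    IMintableLike public immutable zchf;
    uint256 public immutable limit;

    // CHF received through mint() and not yet redeemed. A direct token transfer
    // to address(this) changes chf.balanceOf(address(this)) but never this value.
    uint256 public deposited;

    constructor(address chf_, address zchf_, uint256 limit_) {
        chf = IERC20Like(chf_);
        zchf = IMintableLike(zchf_);
        limit = limit_;
    }

    function mint(address target, uint256 amount) external {
        uint256 newTotal = deposited + amount;
        require(newTotal <= limit, "limit"); // checked against internal accounting only
        deposited = newTotal;                // state updated before external calls
        require(chf.transferFrom(msg.sender, address(this), amount), "transfer failed");
        zchf.mint(target, amount);
    }

    function burn(address target, uint256 amount) external {
        deposited -= amount; // checked arithmetic: reverts if more is redeemed than was deposited
        zchf.burn(msg.sender, amount);
        require(chf.transfer(target, amount), "transfer failed");
    }
}
```

With this accounting, CHF tokens sent straight to the contract are still unrecoverable, but they no longer count toward the limit.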