search

code-423n4 / 2023-04-frankencoin-findings

5 stars 4 forks source link

The centralize organization that owns the stablecoin conterparty may DOS StablecoinBridge at no cost #869

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/StablecoinBridge.sol#L51

Vulnerability details

Impact

StablecoinBridge was created to bridge centralized swiss franc to ZCHF with a 1:1 ratio.

This mechanism is really important for the Fankencoin peg regulation, here is the whitepaper explanation:

While it is generally not possible to exchange Frankencoins directly into collateral residing in the mint plugins, the minters will have to buy back their minted Frankencoins before they can get their collateral back. Here, the minters face a risk of a short squeeze. By minting and selling Frankencoins, they are short ZCHF and might be forced to pay more than one Swiss franc per Frankencoin to unlock their collateral. So while savers face the risk of the Frankencoin falling below the peg, minters face the risk of the Frankencoin departing upwards from the peg.

In the proposed setup, we start with a very simple mechanism to avert the risk of an overvaluation: we provide a bridge plugin that allows holders of other Swiss franc based stablecoins to convert them 1:1 into Frankencoins. As long as such bridge plugins exist, minters can be confident that they do not need to overpay for the unlocking of their collateral. However, while relying on other stablecoins can help in practice, it is not desirable to depend on them.

In the absence of bridge plugins, minters have to trust the contributors to always allow the minting of new Frankencoins at competitive terms, such that a short-squeeze can be averted by simply minting additional Frankencoins and repaying the open position with those. In effect, the system relies on good governance by the contributors at both the supply and demand side. On the supply side, contributors must allow economically sensible mint plugins and disallow irresponsible ones. On the demand side, the contributors must ensure that the risk-adjusted interest rate tracks that of the Swiss franc.” [Frankencoin Whitepaper - page 13]

Proof of Concept

This contract use a limit variable to limit the number of ZCHF minted with centralize CHF stablecoin.

The internal mint function uses chf.balanceOf(address(this)) function to check if the limit is reached. Meaning that if enough centralize stablecoin CHF are manually sent the StablecoinBridge contract is DOS :

function mintInternal(address target, uint256 amount) internal {
    require(block.timestamp <= horizon, "expired");
    require(chf.balanceOf(address(this)) <= limit, "limit");
    zchf.mint(target, amount);
}

Once the centralize stablecoin are manually sent to this contract, all this fund will be stuck, meaning that the centralize organization that own this stablecoin can DOS this contract at no cost. (They will be able to issue tokens without the need for a counterparty because once they are sent to the contract they will be like burnt)

Recommended Mitigation Steps

Seeing what is happening in the US with decentralize stablecoin I wouldn't be surprised if one day the Swiss government ban decentralized stablecoin. So I would recommend to track the value of CHF internally and not rely on balanceOf(address(this)) to make Fankencoin more resilient.

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as low quality report

0xA5DF commented 1 year ago

There's no reason for the centralized entity to do so + the impact isn't that significant in that case

c4-judge commented 1 year ago

hansfriese changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

hansfriese marked the issue as grade-b