Open code423n4 opened 1 year ago
0xA5DF marked the issue as primary issue
I have considered this suggested recommendation, but this comes with the disadvantage that the ZCHF address is not known at the deploy time of the minters and therefore cannot be set as a gas-efficient constant.
The assumption is that whoever deploys is fast enough to also set the first two minters. In case the deployer is frontrun, a new set of contracts with frontrun protection would need to be deployed, but I find this rather unlikely.
--> This is intended behavior and a calculated risk during initialization.
luziusmeisser marked the issue as sponsor disputed
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Frankencoin.sol#L84
Vulnerability details
Bug Description
In the Frankencoin contract, anyone can call the suggestMinter() function to propose a new minter:
Frankencoin.sol#L83-L90
Suggested users become an approved minter when the application period has passed, as seen in the isMinter() function:
Frankencoin.sol#L290-L295
The issue lies in the following check in suggestMinter():
As the check above always passes when Frankencoin's total supply is 0, an attacker can call suggestMinter() with _applicationPeriod = 0 to instantly become an approved minter, allowing him to call minter functions.
Impact
Whenever Frankencoin's total supply is 0, a malicious attacker can instantly become an approved minter and call sensitive functions, such as mint() or burnFrom().
Additionally, this implementation is potentially vulnerable to front-running during deployment. If the deployer is meant to call suggestMinter() and then mint Frankencoin when the contract is first deployed, an attacker can front-run the deployer's transaction with his own call to suggestMinter() to become an approved minter first.
Recommendation
In the suggestMinter() function, remove the totalSupply() > 0 condition in both checks:
Frankencoin.sol#L83-L85
If this functionality exists to assign a trusted address as minter during deployment, consider assigning the trusted address as minter in the constructor instead:
Frankencoin.sol#L83-L85
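An added illustration of the check this report describes and of the two recommendations, written for this page and not taken from the Frankencoin repository. It is a simplified minter registry: the contract names, the constant values and the omitted fee transfer are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not the Frankencoin source. Names and constant values
// are assumptions; the application fee transfer is left out.
abstract contract MinterRegistryBase {
    uint256 public constant MIN_APPLICATION_PERIOD = 10 days; // assumed value
    uint256 public constant MIN_FEE = 1000 ether;             // assumed value
    mapping(address => uint256) public minters; // minter => time approval takes effect
    uint256 public totalSupply;                 // stands in for the token's totalSupply()

    error PeriodTooShort();
    error FeeTooLow();
    error AlreadyRegistered();

    function isMinter(address m) public view returns (bool) {
        return minters[m] != 0 && block.timestamp >= minters[m];
    }

    function _register(address m, uint256 period) internal {
        if (minters[m] != 0) revert AlreadyRegistered();
        minters[m] = block.timestamp + period;
    }
}

// Before: while totalSupply == 0 neither check can revert, so a call with
// period = 0 and fee = 0 makes isMinter() true in the same block.
contract BootstrapBypass is MinterRegistryBase {
    function suggestMinter(address m, uint256 period, uint256 fee) external {
        if (period < MIN_APPLICATION_PERIOD && totalSupply > 0) revert PeriodTooShort();
        if (fee < MIN_FEE && totalSupply > 0) revert FeeTooLow();
        _register(m, period);
    }
}

// After: checks are unconditional; the trusted first minter is set at deployment.
contract Hardened is MinterRegistryBase {
    constructor(address trustedMinter) {
        minters[trustedMinter] = block.timestamp; // approved from the deployment block on
    }

    function suggestMinter(address m, uint256 period, uint256 fee) external {
        if (period < MIN_APPLICATION_PERIOD) revert PeriodTooShort();
        if (fee < MIN_FEE) revert FeeTooLow();
        _register(m, period);
    }
}
```

In the hardened form the first minter is fixed in the same transaction that creates the contract, so there is no window between deployment and the first suggestMinter() call for another caller to use.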