Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Equity.sol#L309-L315
Vulnerability details
Impact
The issue is that in function:
https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Equity.sol#L309-L315
the documentation literally says:
 * Example: there was a devastating loss and equity stands at -1'000'000. Most shareholders have lost hope in the
 * Frankencoin system except for a group of small FPS holders who still believes in it and is willing to provide
 * 2'000'000 ZCHF to save it. These brave souls are essentially donating 1'000'000 to the minter reserve and it
 * would be wrong to force them to share the other million with the passive FPS holders. Instead, they will get
 * the possibility to bootstrap the system again owning 100% of all FPS shares.
meaning that the holder should make a donation to actually be able to restructure the table. In this case, any holder that is classified:
https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Equity.sol#L311
is able to restructure the table without donating any funds, and they have the power to burn anyone's shares, including the Frankencoin team's shares.
Therefore there is a clear discrepancy between the docs and the code, which would enable any classified holder to burn anyone's shares without donating funds.
Proof of Concept
Steps for the attack to happen:
Frankencoin equity is below minimum:
require(zchf.equity() < MINIMUM_EQUITY);
A classified user that has voting power just calls the function restructureCapTable with the address that he wants to burn shares from.
Tools Used
Manual
Recommended Mitigation Steps
Add a require statement so that the classified user has to donate x amount of funds, depending on where the equity is, and is then able to burn y amount of shares.
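One way to express the recommended mitigation, as an added sketch that is not code from the report or from the Frankencoin repository: the donation is pulled in the same call that wipes shares, so the burn cannot happen for free. Only restructureCapTable and MINIMUM_EQUITY are names from the report; the signed equity variable, the isClassified stand-in, the 3% threshold, the MINIMUM_EQUITY value and the "donation must restore the minimum" policy for x are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Added sketch, not the Frankencoin contracts. Only restructureCapTable and
// MINIMUM_EQUITY are names from the report; everything else is hypothetical.
contract EquityRescueSketch {
    uint256 public constant MINIMUM_EQUITY = 1000 ether; // assumed value
    IERC20 public immutable zchf;
    int256 public equity; // signed in this sketch so a deficit is representable
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 zchf_, int256 equity_, address[] memory holders, uint256[] memory amounts) {
        require(holders.length == amounts.length, "length mismatch");
        zchf = zchf_;
        equity = equity_;
        for (uint256 i = 0; i < holders.length; i++) {
            shares[holders[i]] += amounts[i];
            totalShares += amounts[i];
        }
    }

    // Stand-in for the voting-power check the report calls "classified"
    // (assumed threshold: 3% of all shares).
    function isClassified(address holder) public view returns (bool) {
        return totalShares > 0 && shares[holder] * 100 >= totalShares * 3;
    }

    // Wiping other holders is tied to a donation that lifts equity back to
    // MINIMUM_EQUITY, pulled in the same transaction as the burn.
    function restructureCapTable(address[] calldata addressesToWipe, uint256 donation) external {
        require(equity < int256(MINIMUM_EQUITY), "equity not below minimum");
        require(isClassified(msg.sender), "caller not classified");
        require(donation <= uint256(type(int256).max), "donation out of range");
        require(int256(donation) >= int256(MINIMUM_EQUITY) - equity, "donation too small");
        require(zchf.transferFrom(msg.sender, address(this), donation), "donation failed");
        equity += int256(donation);
        for (uint256 i = 0; i < addressesToWipe.length; i++) {
            address current = addressesToWipe[i];
            totalShares -= shares[current];
            shares[current] = 0;
        }
    }
}
```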