code-423n4 / 2023-04-frankencoin-findings


SuggestMinter can add m #967

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Frankencoin.sol#L84

Vulnerability details

Impact

The first suggested minter will bypass all checks because totalSupply() is zero. This is a rare case and may not lead to a problem because the deployer will execute the function suggestMinter as soon as possible and will try to mint new tokens. In the test cases I saw that they wait for 1 block and after that they mint new tokens: https://github.com/code-423n4/2023-04-frankencoin/blob/main/test/PluginVetoTests.ts#L31

There is a chance for a malicious user to watch the mempool and send a transaction to add their own minter before the minting of new tokens happens. The newly added minter cannot be removed in the future. This can lead to unexpected behaviour.

Proof of Concept

Tools Used

Manual review

Recommended Mitigation Steps

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as duplicate of #921

c4-judge commented 1 year ago

hansfriese changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

hansfriese marked the issue as grade-c