Closed code423n4 closed 1 year ago
0xA5DF marked the issue as low quality report
Invalid. Init period must be at least 3 days, see the check here.
0xA5DF marked the issue as primary issue
luziusmeisser marked the issue as sponsor disputed
hansfriese marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/MintingHub.sol#L88
Vulnerability details
Impact
Anyone can immediately open a malicious position by calling openPosition(...) and passing 0 as _initPeriodSeconds.
Proof of Concept
The function on line https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/MintingHub.sol#L88 has public visibility, whereas I suspect it should be private. This effectively means anyone can mint an arbitrary amount of ZCHF by opening a position with a worthless ERC20 as collateral and calling mint() on it.
Tools Used
This may even be exploitable without writing a custom ERC20.
Recommended Mitigation Steps
Change function visibility to private.