code-423n4 / 2023-04-frankencoin-findings


Anyone can open any position with no init period #980

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/MintingHub.sol#L88

Vulnerability details

Impact

Anyone can immediately open a malicious position by calling openPosition(...) and passing 0 as _initPeriodSeconds.

Proof of Concept

The function on line https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/MintingHub.sol#L88 has public visibility, whereas I suspect it should be private. This effectively means anyone can mint an arbitrary amount of ZCHF by opening a position with a worthless ERC20 as collateral and calling mint() on it.

Tools Used

This may even be exploitable without writing a custom ERC20.

Recommended Mitigation Steps

Change function visibility to private.

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as low quality report

0xA5DF commented 1 year ago

Invalid. Init period must be at least 3 days, see the check here.

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as primary issue

c4-sponsor commented 1 year ago

luziusmeisser marked the issue as sponsor disputed

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Invalid