It appears that `mint()`, `burn()` and `burnFrom()` will be executed DURING the minimum distribution period if distribution not completed yet and any of the following functions are called: `mintAndDistribute()`, `burnAndDistribute()`, `burnFromAndDistribute()`.

[c4-bot-3]

Lines of code

https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/3adc34600561077ad4834ee9621060afd9026f06/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L267-L272 https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/3adc34600561077ad4834ee9621060afd9026f06/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L289-L294 https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/3adc34600561077ad4834ee9621060afd9026f06/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L302-L307

Vulnerability details

Case above is when the distribute() function is called directly but not enough times to complete distribution yet, and then one of the above functions is called.

Alternatively, even if the distribution completes via distributeToAllHolders() before calling mint(), burn() and burnFrom() via any of these mintAndDistribute(), burnAndDistribute(), burnFromAndDistribute(), the minting/burning will happen DURING minimum distribution period, because they share the last block of distribution completion, which according to my understanding is not allowed?

Summary: Clearly can mint/burn DURING minimum distribution period, i.e. when locked for distribution i.e. during (!_isPastMinDistributionPeriod == true). My current level of understanding tells me this is invalid.

Assessed type

Other

[c4-pre-sort]

0xRobocop marked the issue as insufficient quality report

[c4-judge]

0xA5DF marked the issue as unsatisfactory: Invalid

[0xA5DF]

Seems like intended design