BondingCurve allows users to acquire FEI before launch allocate can be called before genesis launch, as long as the contract holds some nonzero PCV.
By force-sending the contract 1 wei, anyone can bypass the majority of checks and actions in allocate, and mint themselves FEI each time the timer expires.
Prevent allocate from being called before genesis launch
- ConsenSys Audit DAOfi Finding 3.4
- Timing
- Medium Severity
- Allocate before Genesis Launch
- Prevent Allocate before Launch
- Youtube Reference
- Medium severity finding from Consensys Diligence Audit of Fei Protocol