The owner cannot redeem any of their supplied funds or profit
Description
Cyfrin_Hub is set up to allow for investors to supply funds for shares of the company. It also allows the company owner to supply funds, but they do not get shares for their investment. This means that investors can redeem portions of the company's holdings with their shares, but the owner cannot access or redeem any of the holdings.
This is specifically for when the owner funds using fund_cyfrin with 0 as the parameter which would call fund_owner.
Note that there is nothing stopping the owner from going through fund_investor, which would give the owner shares for their investment.
There is no clear way for funds, including profits, to be recovered from this contract by the owner. If the company grows large, most of the funds will be locked in the contract.
Risk
Likelihood:
The owner would have to invest into the compnay without receiving shares. Most of the problems would occur if the company grew large, leaving most funds in the contract inaccessible due to the MAX_PAYOUT_PER_SHARE.
Impact:
The owner cannot recover any of their investment into the company. They also cannot access any of the company's profits.
Recommended Mitigation
Consider tracking the contributions of the owner. They should be able to gain shares, but their shares should not have a cap.
Also consider allowing the owner to be able to increase the amount of public shares to more than TOTAL_SHARES, and allow the owner to reduce the number of shares when not all are being held. This would allow the owner to control the amount of the company they own.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.