Company Simulator

First Flight #51

Beginner FriendlyDeFi

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: medium

Invalid

L05. Funding Denial via Strict Insolvency Check in fund_investor() even if the company is solvent

accessdenied

Root + Impact

Description

Normal behavior: The fund_investor() function allows users to invest ETH in exchange for shares. The function calculates the company's net worth and share price to determine how many shares the investor receives.
Problem: The function contains the check assert (self.company_balance > self.holding_debt), "Company is insolvent!!!". When company_balance is exactly equal to holding_debt, this assertion fails. This can occur naturally when the company has zero net profit, effectively blocking all future investor funding even though the system is economically sound.

# Root cause in the codebase with @> marks

@> assert (self.company_balance > self.holding_debt), "Company is insolvent!!!"

Risk

Likelihood:

During normal operation when all previous revenues and debts balance exactly, producing company_balance == holding_debt.
After multiple share redemptions or debt payments, the company's balance can equal its total outstanding obligations.

Impact:

Investors cannot fund the company until the owner injects more ETH, leading to a potential DoS on funding.
Share issuance logic may be blocked, freezing growth and participation even though no economic loss has occurred.

Proof of Concept

# 1) Deploy CompanyGame

company = deploy CompanyGame()

# 2) Owner sets initial company_balance and holding_debt to equal amounts

company.company_balance = 10_000_000_000_000_000

company.holding_debt = 10_000_000_000_000_000

# 3) Attempt to call fund_investor() from any investor

# The function reverts because:

# assert (company_balance > holding_debt)

CompanyGame(company_address).fund_investor(action=1, msg.value=1_000_000_000_000_000)

# Written explanation:

# Although the company is fully collateralized and no real insolvency exists,

# the strict inequality prevents any new investment from being accepted.

# This blocks legitimate investor participation until the owner injects extra funds.

Recommended Mitigation

Relax the strict inequality to allow equality and preserve natural liveness:

- remove this code

@> assert (self.company_balance > self.holding_debt), "Company is insolvent!!!"

+ add this code

+ assert (self.company_balance >= self.holding_debt), "Company is insolvent!!!"

Updates

Lead Judging Commences

0xshaedyw Lead Judge

4 days ago

0xshaedyw Lead Judge 3 days ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

265

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.