Summary

The quantity of tokens generated using the depositCollateralAndMintDsc function may be less than the quantity generated by using the depositCollateral and mintDsc functions separately.

Vulnerability Details

The maximum minting quantity of tokens depends on health factors, while the price of collateral is not confirmed at the time of depositing collateral. The calculation of tokens during minting is done based on the current collateral price. An attacker can deposit a certain amount of collateral using the depositCollateral function, then wait for a period of time. When the price of the collateral rises, they can mint tokens, resulting in a higher quantity of tokens compared to using the depositCollateralAndMintDsc function during the same period.

Impact

If an attacker first uses the depositCollateral function to deposit a certain quantity of collateral and then waits for a period of time before minting tokens when the collateral price increases, they can generate a higher quantity of tokens compared to using the depositCollateralAndMintDsc function during the same period.

Tools Used

vscode

Recommendations

When using the depositCollateral function, the collateral undergoes a price evaluation. Subsequently, when minting tokens, the evaluation price from earlier is used as the standard.