Severity: high

Inability to Withdraw Excess Reserves

Summary

The DSCEngine.sol contract lacks a mechanism to withdraw excess reserves that can accumulate during liquidations. This leads to inefficient use of funds, as excess reserves above a certain threshold (e.g., 5%) cannot be reallocated or utilized elsewhere.

Vulnerability Details

When liquidations occur, excess reserves may accumulate within the contract. There's no function to withdraw these excess funds, leading to inefficiencies.

Impact

The inability to withdraw excess reserves can lead to funds being locked in the contract, resulting in an inefficient use of funds.

Recommendations

Implement a function that allows an authorized entity to withdraw excess reserves when they exceed a certain threshold relative to the required reserves. Here is a potential code snippet:

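    // calculateExcessReserves() and ReserveToken are not defined in this snippet.
    function withdrawExcessReserves(address treasury) external onlyOwner {
        require(treasury != address(0), "Invalid treasury address.");
        uint256 excessReserves = calculateExcessReserves();
        require(excessReserves > 0, "No excess reserves to withdraw.");
        // Revert if the token reports a failed transfer instead of ignoring the return value.
        require(ReserveToken.transfer(treasury, excessReserves), "Transfer failed.");
    }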

Ensure secure access control, implement event logging, and conduct thorough testing and auditing.
