The DSCEngine allows users to deposit collateral and mint a decentralized stablecoin. The contract, however, might not properly handle tokens that incorporate a fee-on-transfer mechanism, such as USDT. This can lead to potential discrepancies in the user's deposited collateral amount, affecting other operations in the contract.
The depositCollateral() function is designed to receive collateral from a user. The function updates the user's collateral balance before the actual transfer of tokens occurs:
For tokens with a fee-on-transfer mechanism, the contract might not receive the full amountCollateral. The discrepancy between the actual balance of the contract and the s_collateralDeposited mapping might affect other operations.
If a user deposits a token that has a fee-on-transfer feature, the s_collateralDeposited mapping may record a higher balance than what the contract actually receives. This discrepancy could potentially allow a user to mint more stablecoins than they should be able to, based on their collateral. This could, in turn, lead to a lack of backing for the minted stablecoins, potentially causing instability in the system.
Manual review
After calling the transferFrom() function, compare the contract's token balance before and after the transfer. This will ensure that the actual transferred amount matches the expected amount.
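One way to apply this recommendation, as an added example that is not the DSCEngine source: the contract name CollateralVault, the function deposit() and the error names are hypothetical, and only s_collateralDeposited and amountCollateral mirror names used above. The deposit is credited only after the measured balance change equals the requested amount.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: hypothetical CollateralVault, not the audited contract.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CollateralVault {
    error Vault__NeedsMoreThanZero();
    error Vault__TransferFailed();
    error Vault__FeeOnTransferNotSupported(uint256 expected, uint256 received);

    // user => token => amount actually held for that user
    mapping(address => mapping(address => uint256)) private s_collateralDeposited;

    function deposit(address token, uint256 amountCollateral) external {
        if (amountCollateral == 0) revert Vault__NeedsMoreThanZero();

        // Snapshot the vault's balance before pulling tokens.
        uint256 balanceBefore = IERC20(token).balanceOf(address(this));

        // Assumes the token returns a bool; tokens that return no data
        // need a SafeERC20-style wrapper instead of this direct call.
        bool success = IERC20(token).transferFrom(msg.sender, address(this), amountCollateral);
        if (!success) revert Vault__TransferFailed();

        // What the vault really received, which is less than the
        // requested amount when the token charges a transfer fee.
        uint256 received = IERC20(token).balanceOf(address(this)) - balanceBefore;
        if (received != amountCollateral) {
            revert Vault__FeeOnTransferNotSupported(amountCollateral, received);
        }

        // Credit the user only after the amount has been verified,
        // so the mapping can never exceed the tokens held.
        s_collateralDeposited[msg.sender][token] += received;
    }

    function collateralOf(address user, address token) external view returns (uint256) {
        return s_collateralDeposited[user][token];
    }
}
```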