Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

`burnDsc` function allows undercollateralized users to burn their dsc and avoid liquidation.

arnie

Summary

In the burnDsc function a user can burn his dsc even if he is under the 200% collateralization ratio.

Vulnerability Details

In the brunDsc function, the function first calls _burnDsc before _revertIfHealthFactorIsBroken is called. Because of this, a user who is undercollateralized and about to be liquidated. The user can just call the _brunDsc and burn all of his Dsc leaving him with 0 Dsc. then _revertIfHealthFactorIsBroken is called and since the user now has 0 Dsc and only collateral, his health factor will come out as healthy and therefore an under-collateralized user can avoid liquidation and leave the protocol with bad debt.

Impact

Protocol will become undercollateralized over time. Complete loss of funds for the protocol.

Tools Used

Manual review

Recommendations

calculate health factor first before burning.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.