15,000 USDC
Submission Details
Severity: medium

Lack of DSC Mint Check in redeemCollateral Function

Summary

The DSCEngine contract's redeemCollateral function does not check whether the caller has any DSC (Decentralized StableCoin) minted. The NatSpec states that users should not be able to redeem collateral until they have burned their DSC, but the function contains no such check, so users can withdraw collateral without satisfying that restriction.

Vulnerability Details

The issue is in the redeemCollateral function: a user can redeem collateral without the contract verifying that they have no DSC minted. The current implementation has no require statement enforcing the behaviour described in the NatSpec.

```solidity
function redeemCollateral(address tokenCollateralAddress, uint256 amountCollateral)
    public
    moreThanZero(amountCollateral)
    nonReentrant
{
    _redeemCollateral(msg.sender, msg.sender, tokenCollateralAddress, amountCollateral);
    _revertIfHealthFactorIsBroken(msg.sender);
}
```

Impact

The vulnerability can lead to a discrepancy between the recorded collateral balance and the actual collateral value. Users could exploit it to withdraw collateral without burning their DSC, resulting in a loss of funds and undermining the stability and integrity of the system.

Tools Used

Manual review

Recommendations

Add a require statement to the redeemCollateral function that checks whether the caller has any DSC minted before proceeding with the redemption. If the caller has DSC minted, the function should revert with an appropriate error message, enforcing the behaviour described in the NatSpec.

```solidity
function redeemCollateral(address tokenCollateralAddress, uint256 amountCollateral)
    public
    moreThanZero(amountCollateral)
    nonReentrant
{
    require(s_DSCMinted[msg.sender] == 0, "Cannot redeem collateral with DSC minted.");
    _redeemCollateral(msg.sender, msg.sender, tokenCollateralAddress, amountCollateral);
    _revertIfHealthFactorIsBroken(msg.sender);
}
```
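The following is an added example, not code from this submission or from the audited project: a minimal stand-in engine that applies the recommended guard using a custom error instead of a revert string, together with a Foundry test that checks the guard from both sides (redemption reverts while DSC is outstanding and succeeds once it has been burned). The `MiniEngine` contract, its function names and the `Engine__*` errors are assumptions constructed for this example; collateral is tracked as plain accounting so the test runs without ERC20 or price-feed dependencies, and it relies on forge-std's `Test` helpers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the engine (not the project's DSCEngine).
// Collateral and DSC are plain counters so the example runs stand-alone.
contract MiniEngine {
    error Engine__NeedsMoreThanZero();
    error Engine__DscStillMinted(uint256 amountMinted);
    error Engine__InsufficientCollateral();

    mapping(address => uint256) public s_DSCMinted;
    mapping(address => uint256) public s_collateralDeposited;

    modifier moreThanZero(uint256 amount) {
        if (amount == 0) revert Engine__NeedsMoreThanZero();
        _;
    }

    function depositCollateral(uint256 amount) external moreThanZero(amount) {
        s_collateralDeposited[msg.sender] += amount;
    }

    function mintDsc(uint256 amount) external moreThanZero(amount) {
        s_DSCMinted[msg.sender] += amount;
    }

    function burnDsc(uint256 amount) external moreThanZero(amount) {
        s_DSCMinted[msg.sender] -= amount; // underflow reverts in 0.8.x
    }

    // The recommended guard: collateral may only leave once the caller's
    // DSC balance is zero. A custom error carries the outstanding amount
    // and is cheaper than a revert string.
    function redeemCollateral(uint256 amount) external moreThanZero(amount) {
        uint256 minted = s_DSCMinted[msg.sender];
        if (minted != 0) revert Engine__DscStillMinted(minted);
        if (s_collateralDeposited[msg.sender] < amount) revert Engine__InsufficientCollateral();
        s_collateralDeposited[msg.sender] -= amount;
    }
}

contract RedeemGuardTest is Test {
    MiniEngine internal engine;
    address internal user = makeAddr("user");

    function setUp() public {
        engine = new MiniEngine();
        vm.startPrank(user);
        engine.depositCollateral(10 ether);
        engine.mintDsc(5 ether);
        vm.stopPrank();
    }

    // Guard holds: with 5 DSC outstanding, any redemption must revert.
    function testRedeemRevertsWhileDscMinted() public {
        vm.prank(user);
        vm.expectRevert(abi.encodeWithSelector(MiniEngine.Engine__DscStillMinted.selector, 5 ether));
        engine.redeemCollateral(1 ether);
    }

    // Guard releases: after burning all DSC the full collateral can be withdrawn.
    function testRedeemSucceedsAfterBurn() public {
        vm.startPrank(user);
        engine.burnDsc(5 ether);
        engine.redeemCollateral(10 ether);
        vm.stopPrank();
        assertEq(engine.s_collateralDeposited(user), 0);
        assertEq(engine.s_DSCMinted(user), 0);
    }
}
```

Run with `forge test --match-contract RedeemGuardTest` in a Foundry project that has forge-std installed. The second test matters as much as the first: a guard that is too broad would block legitimate redemptions after the user has burned their DSC, so a fix should be accompanied by both the negative and the positive case.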
