Severity: medium

Users should never be prevented from burning their DSC tokens

Summary

Burning DSC is an escape valve for users to prevent liquidation and also helps the protocol maintain its solvency. After a user burns DSC tokens, their health factor is checked, but under normal circumstances burning DSC never decreases the health factor: it should always remain the same or increase.

Vulnerability Details

Assume a user deposits 10 WETH tokens, each worth 2,000 dollars, and mints 5,000 DSC tokens. The value of the collateral in USD is 20,000. The user decides to burn DSC. Even though prices change constantly for multiple reasons, during the execution of DSCEngine::burnDsc the value of the user's collateral should remain close to 20,000 dollars. This means the collateral value will be divided by a smaller number, resulting in the same or a greater health factor, depending on the amount of tokens that were burnt.

function test_burningDSCNeverDecreaseHealthFactor(uint256 _amount) public {
    vm.startPrank(user);
    // Deposit 10 WETH as collateral and mint 5000 DSC against it.
    ERC20Mock(weth).mint(user, 10 ether);
    ERC20Mock(weth).approve(address(dsce), 10 ether);
    dsce.depositCollateralAndMintDsc(weth, 10 ether, 5000 ether);
    dsc.approve(address(dsce), 5000 ether);
    // Fuzzed burn amount, bounded to the minted balance.
    _amount = bound(_amount, 1, 5000 ether);
    uint256 healthFactorBefore = dsce.getHealthFactor(user);
    dsce.burnDsc(_amount);
    uint256 healthFactorAfter = dsce.getHealthFactor(user);
    // Burning must never lower the health factor.
    assert(healthFactorBefore <= healthFactorAfter);
    vm.stopPrank();
}

The result is shown below.

Running 1 test for test/myTests/fuzz/DSCEngineFuzz.t.sol:DSCEngineTest
[PASS] test_burningDSCNeverDecreaseHealthFactor(uint256) (runs: 128, μ: 279908, ~: 279968)
Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 187.53ms
Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Impact

During the execution of DSCEngine::burnDsc, a transaction could take longer than expected to be included in a block and a drastic swing in price may occur; the health factor may go below MIN_HEALTH_FACTOR and users will not be able to burn their tokens. I consider this a bad user experience and also detrimental to the protocol because it could potentially make it prone to insolvency. For these reasons I evaluate the severity as MEDIUM.

Tools Used

Visual Studio Code and Foundry

Recommendations

Remove the check for the user's health factor in DSCEngine::burnDsc.
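
The scenario from the Impact section, worked through as a simplified numeric model. This is an added example, not code from the submission or from the protocol; the 50% liquidation threshold, the 1e18 fixed-point precision, the whole-unit amounts, the 900-dollar price and all Python names are assumptions made for illustration.

```python
# Simplified integer model of the health-factor check around a DSC burn.
# Assumed (not from the page): 50% liquidation threshold, 1e18 fixed point,
# amounts in whole tokens / whole dollars.
PRECISION = 10**18
LIQUIDATION_THRESHOLD = 50          # percent, assumed
MIN_HEALTH_FACTOR = 1 * PRECISION


class BreaksHealthFactor(Exception):
    """Stands in for the revert raised by the post-burn health check."""


def health_factor(collateral_usd: int, dsc_minted: int) -> int:
    if dsc_minted == 0:
        return 2**256 - 1           # no debt left: maximal health
    adjusted = collateral_usd * LIQUIDATION_THRESHOLD // 100
    return adjusted * PRECISION // dsc_minted


def burn_dsc(weth: int, price_usd: int, dsc_minted: int, amount: int,
             check_health: bool) -> int:
    """Return the remaining debt, or raise if the post-burn check fails."""
    if not 0 < amount <= dsc_minted:
        raise ValueError("invalid burn amount")
    remaining = dsc_minted - amount
    if check_health and health_factor(weth * price_usd, remaining) < MIN_HEALTH_FACTOR:
        raise BreaksHealthFactor(remaining)
    return remaining


def scenario() -> dict:
    """10 WETH, 5000 DSC minted, then WETH falls from 2000 to 900 dollars."""
    weth, debt, crashed = 10, 5000, 900           # constructed sample values
    result = {
        "hf_at_2000": health_factor(weth * 2000, debt),
        "hf_before_burn": health_factor(weth * crashed, debt),
        "hf_after_burn_100": health_factor(weth * crashed, debt - 100),
    }
    try:
        burn_dsc(weth, crashed, debt, 100, check_health=True)
        result["checked_burn"] = "accepted"
    except BreaksHealthFactor:
        result["checked_burn"] = "reverted"       # burn improved HF, still blocked
    result["unchecked_debt"] = burn_dsc(weth, crashed, debt, 100, check_health=False)
    return result


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

With the check in place, a partial burn after the price drop is rejected even though it raises the health factor; only a burn large enough to reach MIN_HEALTH_FACTOR in a single call goes through.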
