Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Users should never be prevented from burning their DSC tokens

pacelli

Summary

Burning DSC is a escape valve for users to prevent liquidation and also helps the protocol to maintain its solvency. After a user burns DSC tokens their health factor checked but in normal circumstances after burning DSC the health factor never decreases, the health factor should always remains the same or increase.

Vulnerability Details

Assume a user deposits 10 WETH tokens and each token has a value of 2,000 dollars and mints 5000 DSC tokens. The value of the collateral in USD is 20,000. The user decides to burn DSC, even though prices are changing constantly due to multiple reasons, during the execution of DSCEngine::burnDsc the value of the collateral of the user should remain close to 20,000 dollars. This means the amount of collateral will be divided by a smaller number resulting the same or greater health factor depending on the amount tokens that were burnt.

function test_burningDSCNeverDecreaseHealthFactor(uint256 _amount) public {

vm.startPrank(user);

ERC20Mock(weth).mint(user, 10 ether);

ERC20Mock(weth).approve(address(dsce), 10 ether);

dsce.depositCollateralAndMintDsc(weth, 10 ether, 5000 ether);

dsc.approve(address(dsce), 5000 ether);

_amount = bound(_amount, 1, 5000 ether);

uint256 healthFactorBefore = dsce.getHealthFactor(user);

dsce.burnDsc(_amount);

uint256 healthFactorAfter = dsce.getHealthFactor(user);

assert(healthFactorBefore <= healthFactorAfter);

vm.stopPrank();

}

The result is shown below.

Running 1 test for test/myTests/fuzz/DSCEngineFuzz.t.sol:DSCEngineTest

[PASS] test_burningDSCNeverDecreaseHealthFactor(uint256) (runs: 128, μ: 279908, ~: 279968)

Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 187.53ms

Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

Impact

During the execution of DSCEngine::burnDsc a transaction could take longer than expected to be included in a block and a drastic swing in price may occur, the health factor go below MIN_HEALTH_FACTOR and users will not be able to burn their tokens; I consider this bad user experience and also detrimental to the protocol because could potentially make it prone to insolvency. For these reasons I evaluate the severity to MEDIUM.

Tools Used

Visual Studio Code and Foundry

Recommendations

Remove check for the user health factor in DSCEngine::burnDSC.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.