Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

`DecentralizedStableCoin` is ERC20, and it can transfer to other and let other to liquidate

Bughunter101

Summary

DecentralizedStableCoin is ERC20, and it can transfer to other and let other to liquidate.
Because liquidate just burn the msg.sender 's DecentralizedStableCoin. And if user A was liquidated, his collateral will transfer, but his DecentralizedStableCoin are still reserved, and he can forward them to others. And other can use it to call liquidate

Vulnerability Details

liquidate call the _burnDsc and set the dscFrom is msg.sender,so the liquidator just need to have DecentralizedStableCoin to execute the liquidate

function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {

s_DSCMinted[onBehalfOf] -= amountDscToBurn;

bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);

// This conditional is hypothtically unreachable

if (!success) {

revert DSCEngine__TransferFailed();

}

i_dsc.burn(amountDscToBurn);

}

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L274

And It check the msg.sender health if (totalDscMinted == 0) return type(uint256).max;.So if sender does not have the mint Dsc, he can call liquidate

function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)

internal

pure

returns (uint256)

{

if (totalDscMinted == 0) return type(uint256).max;

uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;

return (collateralAdjustedForThreshold * 1e18) / totalDscMinted;

}

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L329

Impact

And if user A was liquidated, his collateral will transfer, but his DecentralizedStableCoin are still reserved, and he can forward them to others. And other can use it to call liquidate

Tools Used

vs code

Recommendations

I think it's a design issue and liquidator assets should be checked

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.