Submission Details
Severity: medium

`DecentralizedStableCoin` is an ERC20: it can be transferred to others, who can then use it to liquidate

Summary

DecentralizedStableCoin is an ERC20 token, so it can be transferred to other addresses, and whoever holds it can call liquidate.
liquidate only burns DecentralizedStableCoin from msg.sender's balance. So if user A is liquidated, A's collateral is transferred away, but A's DecentralizedStableCoin tokens remain in A's balance; A can forward them to others, who can then use them to call liquidate.

Vulnerability Details

liquidate calls _burnDsc with dscFrom set to msg.sender, so the liquidator only needs to hold DecentralizedStableCoin to execute the liquidation:

```solidity
function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
    s_DSCMinted[onBehalfOf] -= amountDscToBurn;
    bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);
    // This conditional is hypothtically unreachable
    if (!success) {
        revert DSCEngine__TransferFailed();
    }
    i_dsc.burn(amountDscToBurn);
}
```

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L274

And the msg.sender health check short-circuits with `if (totalDscMinted == 0) return type(uint256).max;`, so a sender who has not minted any DSC passes the check and can call liquidate:

```solidity
function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)
    internal
    pure
    returns (uint256)
{
    if (totalDscMinted == 0) return type(uint256).max;
    uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;
    return (collateralAdjustedForThreshold * 1e18) / totalDscMinted;
}
```

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L329
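The accounting described above, as an added model written for this page (not the project's code): the engine tracks debt in s_DSCMinted, while the DSC token is an ordinary ERC20 balance that moves independently of that debt. The threshold constants, the minimum health factor and the simplified collateral seizure are assumptions of the model.

```python
MAX_UINT256 = 2**256 - 1
PRECISION = 10**18
LIQUIDATION_THRESHOLD = 50   # assumed value: 50% of collateral counts toward the health factor
LIQUIDATION_PRECISION = 100  # assumed value
MIN_HEALTH_FACTOR = 10**18   # assumed: positions with a health factor below 1.0 are liquidatable

class Engine:
    def __init__(self, positions):
        # positions: user -> (collateral value in USD, DSC minted); minting credits the ERC20 balance
        self.collateral_usd = {u: c for u, (c, _) in positions.items()}
        self.dsc_minted = {u: m for u, (_, m) in positions.items()}   # s_DSCMinted: engine-tracked debt
        self.dsc_balance = dict(self.dsc_minted)                      # ERC20 balance: freely transferable

    def health_factor(self, user):
        minted = self.dsc_minted.get(user, 0)
        if minted == 0:
            return MAX_UINT256  # the zero-debt short circuit in _calculateHealthFactor
        adjusted = self.collateral_usd.get(user, 0) * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION
        return adjusted * PRECISION // minted

    def transfer(self, src, dst, amount):
        # plain ERC20 transfer: the tokens move, the debt entry in dsc_minted does not
        assert self.dsc_balance.get(src, 0) >= amount
        self.dsc_balance[src] -= amount
        self.dsc_balance[dst] = self.dsc_balance.get(dst, 0) + amount

    def liquidate(self, liquidator, user, debt_to_cover):
        assert self.health_factor(user) < MIN_HEALTH_FACTOR, "user is healthy"
        # _burnDsc(debt_to_cover, onBehalfOf=user, dscFrom=liquidator): only the liquidator's
        # token balance is consumed; nothing checks whether the liquidator holds a position
        assert self.dsc_balance.get(liquidator, 0) >= debt_to_cover
        self.dsc_minted[user] -= debt_to_cover
        self.dsc_balance[liquidator] -= debt_to_cover
        seized = min(debt_to_cover, self.collateral_usd[user])  # liquidation bonus omitted
        self.collateral_usd[user] -= seized
        self.collateral_usd[liquidator] = self.collateral_usd.get(liquidator, 0) + seized
        return seized

def scenario():
    e = Engine({"A": (200, 100), "B": (300, 100)})   # A's health factor is exactly 1.0e18
    e.collateral_usd["A"] = 150                        # price drop: A's health factor falls to 0.75e18
    e.liquidate("B", "A", 100)                         # A's debt is cleared and collateral seized ...
    held = e.dsc_balance["A"]                          # ... but A's 100 DSC tokens are untouched
    e.transfer("A", "C", 100)                          # A forwards them to a fresh address
    return {"a_debt": e.dsc_minted["A"], "a_collateral_usd": e.collateral_usd["A"],
            "a_dsc_held_after_liquidation": held, "c_health_factor": e.health_factor("C")}
```

The fresh address C has no debt, so its health factor is the uint256 maximum and any sender-side health check passes even though its only asset is DSC received from a liquidated position.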

Impact

If user A is liquidated, A's collateral is transferred away, but A's DecentralizedStableCoin tokens remain in A's balance; A can forward them to others, who can then use them to call liquidate.

Tools Used

VS Code

Recommendations

I think it's a design issue, and the liquidator's assets should be checked.
