The redeemCollateral function in the provided DSCEngine contract lacks proper access control, allowing any address, including malicious actors, to redeem collateral without appropriate checks. This issue can lead to potential exploits and undesired behavior, posing risks to the stability and security of the DSC system.
The redeemCollateral function in the contract allows any address to redeem collateral without any authorization checks. Below is the code snippet of the function:
The lack of access control in the redeemCollateral function allows any address, including malicious actors, to redeem collateral tokens without following the necessary protocol. This could lead to unauthorized withdrawals and potential manipulation of the collateral pool, destabilizing the DSC system. It also allows users to redeem collateral without burning the required amount of DSC tokens, leading to a decrease in the system's overcollateralization. This can result in an imbalance between the value of outstanding DSC tokens and the collateral value, potentially destabilizing the DSC system.
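The two checks a reviewer would look for when assessing this impact, shown as an added Python model that is not the DSCEngine source and not part of the original report: redemption debits only the caller's own deposit, and the collateral ratio is evaluated on the post-redeem position. The single collateral priced 1:1 with DSC, the 200% minimum ratio and all names are assumptions.

```python
# Added illustration: a Python model, not the DSCEngine Solidity source.
# Assumptions: one collateral token priced 1:1 with DSC, 200% minimum ratio.
MIN_RATIO_PERCENT = 200

class RedeemError(Exception):
    """Stands in for a Solidity revert."""

class EngineModel:
    def __init__(self):
        self.deposited = {}  # caller -> collateral units
        self.minted = {}     # caller -> DSC debt units

    def _check_ratio(self, collateral, debt):
        if collateral * 100 < debt * MIN_RATIO_PERCENT:
            raise RedeemError("position would be undercollateralized")

    def deposit(self, caller, amount):
        self.deposited[caller] = self.deposited.get(caller, 0) + amount

    def mint(self, caller, amount):
        debt = self.minted.get(caller, 0) + amount
        self._check_ratio(self.deposited.get(caller, 0), debt)
        self.minted[caller] = debt

    def burn(self, caller, amount):
        debt = self.minted.get(caller, 0)
        if amount > debt:
            raise RedeemError("burn exceeds caller's debt")
        self.minted[caller] = debt - amount

    def redeem_collateral(self, caller, amount):
        if amount <= 0:
            raise RedeemError("amount must be positive")
        # Any address may call, but only the caller's own balance is debited.
        balance = self.deposited.get(caller, 0)
        if amount > balance:
            raise RedeemError("caller has not deposited this much")
        # Evaluate the ratio on the post-redeem position before committing.
        self._check_ratio(balance - amount, self.minted.get(caller, 0))
        self.deposited[caller] = balance - amount
        return amount

def try_redeem(engine, caller, amount):
    try:
        engine.redeem_collateral(caller, amount)
        return True
    except RedeemError:
        return False
```

In this model a redemption that would leave debt under-backed only succeeds after the caller burns enough DSC, which is the property the impact paragraph says is missing.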
Manual