Risk of Unchecked Health Factor in DSC Burning
Summary
The DSCEngine contract lacks health factor validation during the DSC burning process. The _revertIfHealthFactorIsBroken function, which checks the user's health factor, is called after the DSC burning process in both the burnDsc and _burnDsc functions. This oversight allows users to burn DSC tokens without adhering to the required health factor, potentially leading to an imbalanced system and undermining the stability of the DSC token.
Vulnerability Details
The vulnerable code segments are from the burnDsc and _burnDsc functions in the DSCEngine contract:
The _revertIfHealthFactorIsBroken function is called both before and after the DSC burning process. However, the validation before the burning occurs does not prevent the burning process from proceeding even if the health factor is below the required threshold.
Impact
The lack of health factor validation during DSC burning allows users to burn DSC tokens without meeting the health factor requirement. This can lead to a decrease in the user's debt without adhering to the required overcollateralization ratio. Consequently, the system may become undercollateralized, affecting the stability of the DSC token and compromising the overall integrity of the DSC system.
Tools Used
Manual
Recommendations
It is essential to move the health factor check to a more appropriate location, ideally before the DSC burning process. Additionally, it should be placed in both the burnDsc function and the internal _burnDsc function, ensuring that the health factor is validated before any DSC burning occurs.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.