Summary

The DSCEngine contract lacks health factor validation during the DSC burning process. The _revertIfHealthFactorIsBroken function, which checks the user's health factor, is called after the DSC burning process in both the burnDsc and _burnDsc functions. This oversight allows users to burn DSC tokens without adhering to the required health factor, potentially leading to an imbalanced system and undermining the stability of the DSC token.

Vulnerability Details

The vulnerable code segments are from the burnDsc and _burnDsc functions in the DSCEngine contract:

The _revertIfHealthFactorIsBroken function is called both before and after the DSC burning process. However, the validation before the burning occurs does not prevent the burning process from proceeding even if the health factor is below the required threshold.

Impact

The lack of health factor validation during DSC burning allows users to burn DSC tokens without meeting the health factor requirement. This can lead to a decrease in the user's debt without adhering to the required overcollateralization ratio. Consequently, the system may become undercollateralized, affecting the stability of the DSC token and compromising the overall integrity of the DSC system.

Tools Used

Manual

Recommendations

It is essential to move the health factor check to a more appropriate location, ideally before the DSC burning process. Additionally, it should be placed in both the burnDsc function and the internal _burnDsc function, ensuring that the health factor is validated before any DSC burning occurs.