15,000 USDC
View results
Submission Details
Severity: medium

Risk of Unchecked Health Factor in DSC Burning

Summary

The DSCEngine contract lacks health factor validation during the DSC burning process. The _revertIfHealthFactorIsBroken function, which checks the user's health factor, is called after the DSC burning process in both the burnDsc and _burnDsc functions. This oversight allows users to burn DSC tokens without adhering to the required health factor, potentially leading to an imbalanced system and undermining the stability of the DSC token.

Vulnerability Details

The vulnerable code segments are from the burnDsc and _burnDsc functions in the DSCEngine contract:

function burnDsc(uint256 amount) public moreThanZero(amount) {
_burnDsc(amount, msg.sender, msg.sender);
_revertIfHealthFactorIsBroken(msg.sender); // I don't think this would ever hit...
}
function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
_revertIfHealthFactorIsBroken(onBehalfOf); // Validate health factor before burning
s_DSCMinted[onBehalfOf] -= amountDscToBurn;
bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);
if (!success) {
revert DSCEngine__TransferFailed();
}
i_dsc.burn(amountDscToBurn);
_revertIfHealthFactorIsBroken(onBehalfOf); // Validate health factor after burning
}

The _revertIfHealthFactorIsBroken function is called both before and after the DSC burning process. However, the validation before the burning occurs does not prevent the burning process from proceeding even if the health factor is below the required threshold.

Impact

The lack of health factor validation during DSC burning allows users to burn DSC tokens without meeting the health factor requirement. This can lead to a decrease in the user's debt without adhering to the required overcollateralization ratio. Consequently, the system may become undercollateralized, affecting the stability of the DSC token and compromising the overall integrity of the DSC system.

Tools Used

Manual

Recommendations

It is essential to move the health factor check to a more appropriate location, ideally before the DSC burning process. Additionally, it should be placed in both the burnDsc function and the internal _burnDsc function, ensuring that the health factor is validated before any DSC burning occurs.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.