15,000 USDC
View results
Submission Details
Severity: low
Valid

Users can't partially improve their broken health factor by burning DSC

Summary

The DSCEngine.burnDsc method calls _revertIfHealthFactorIsBroken after burning DSC.

function burnDsc(uint256 amount) public moreThanZero(amount) {
_burnDsc(amount, msg.sender, msg.sender);
_revertIfHealthFactorIsBroken(msg.sender); // I don't think this would ever hit...
}

It is however impossible for _burnDsc method to exacerbate the users health factor as it will lower the amount of DSC minted for that user. As the amount of DSC minted is used in the denominator when calculating health factor, and the amount of DSC to burn is greater than zero, the call to _burnDsc will always result in improved health factor.

Therefore, the only possibility as to when the call to _revertIfHealthFactorIsBroken will revert is if the user's health factor was already broken before calling _burnDsc method and the amount of burnt DSC was not big enough to fix it. If that is intented, please consider switching the order of calls for gas optimization and strict CEI pattern following. However, this behavior is probably not intented as it prevents the users from partially improving their health factor (partially paying the debt) without fully restoring it to MIN_HEALTH_FACTOR or above. The user may be willing to partially reduce their debt to reduce the portion of collateral at risk of liquidation. For the system itself, allowing such an action will reduce the amount of bad debt and reduce the risk of undercollateralization. It is worth noting that, in the liquidate method, system allows the partial liquidation of the user's debt.

Vulnerability Details

n/a

Impact

Users can't improve their broken health factor by burning DSC if they don't burn enough DSC to bring the health factor back to MIN_HEALTH_FACTOR.

Tools Used

Manual review

Recommendations

Remove the _revertIfHealthFactorIsBroken call.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.