Incorrect Token Burning Check in DecentralizedStableCoin
Summary
The smart contract DecentralizedStableCoin suffers from an issue in its burn function, where an incorrect token burning check allows users to burn more tokens than they actually hold. This flaw can lead to financial losses, potential manipulation of the stablecoin's value, loss of user trust, and potential regulatory compliance issues.
Vulnerability Details
The burn function in the DecentralizedStableCoin contract is intended to allow the owner to burn a specific amount of tokens. However, a flawed check in the function poses a security risk. Below is the code snippet for the vulnerable burn function:
In the above code, the check for _amount being less than the balance (balance < _amount) is incorrect. It should have been _amount > balance to ensure that the amount to burn does not exceed the balance of the caller. As a result, any user, including potential attackers, can burn more tokens than they actually own.
Impact
Unauthorized Token Burning: Malicious users can exploit this vulnerability to burn a larger number of tokens than they possess, resulting in unauthorized token burning and a corresponding reduction in the token's total supply.
Tools Used
Manual
Recommendations
The correct check should be _amount > balance.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.