Submission Details
Severity: high

Incorrect Token Burning Check in DecentralizedStableCoin

Summary

The smart contract DecentralizedStableCoin suffers from an issue in its burn function, where an incorrect token burning check allows users to burn more tokens than they actually hold. This flaw can lead to financial losses, potential manipulation of the stablecoin's value, loss of user trust, and potential regulatory compliance issues.

Vulnerability Details

The burn function in the DecentralizedStableCoin contract is intended to allow the owner to burn a specific amount of tokens. However, a flawed check in the function poses a security risk. Below is the code snippet for the vulnerable burn function:

    function burn(uint256 _amount) public override onlyOwner {
        uint256 balance = balanceOf(msg.sender);
        if (_amount <= 0) {
            revert DecentralizedStableCoin__MustBeMoreThanZero();
        }
        if (balance < _amount) {
            revert DecentralizedStableCoin__BurnAmountExceedsBalance();
        }
        super.burn(_amount);
    }

In the above code, the check for _amount being less than the balance (balance < _amount) is incorrect. It should have been _amount > balance to ensure that the amount to burn does not exceed the balance of the caller. As a result, any user, including potential attackers, can burn more tokens than they actually own.

Impact

Unauthorized Token Burning: Malicious users can exploit this vulnerability to burn a larger number of tokens than they possess, resulting in unauthorized token burning and a corresponding reduction in the token's total supply.

Tools Used

Manual

Recommendations

The correct check should be _amount > balance.
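
A self-contained way to exercise the burn boundary with the check written as recommended above. This is an added example, not code from the audited project: MiniBurnToken, BurnBoundaryCheck and their function names are hypothetical stand-ins, and the token keeps its own balance mapping instead of inheriting the project's base token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example: minimal stand-in for the token, not the audited contract.
contract MiniBurnToken {
    error MustBeMoreThanZero();
    error BurnAmountExceedsBalance();
    error NotOwner();

    address public immutable owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(uint256 initial) {
        owner = msg.sender;
        balanceOf[msg.sender] = initial;
        totalSupply = initial;
    }

    function burn(uint256 _amount) external {
        if (msg.sender != owner) revert NotOwner();
        uint256 balance = balanceOf[msg.sender];
        if (_amount == 0) revert MustBeMoreThanZero();
        // Check written in the form given under Recommendations.
        if (_amount > balance) revert BurnAmountExceedsBalance();
        balanceOf[msg.sender] = balance - _amount;
        totalSupply -= _amount;
    }
}

// Deploys the token (so this contract is owner and holder) and probes the boundary.
contract BurnBoundaryCheck {
    MiniBurnToken public token = new MiniBurnToken(100e18);

    // True if burning balance + 1 reverts with BurnAmountExceedsBalance.
    function overBurnReverts() external returns (bool) {
        uint256 bal = token.balanceOf(address(this));
        try token.burn(bal + 1) {
            return false;
        } catch (bytes memory reason) {
            return bytes4(reason) == MiniBurnToken.BurnAmountExceedsBalance.selector;
        }
    }

    // True if burning exactly the balance succeeds and empties the supply.
    function exactBurnSucceeds() external returns (bool) {
        token.burn(token.balanceOf(address(this)));
        return token.totalSupply() == 0 && token.balanceOf(address(this)) == 0;
    }
}
```

Deploy BurnBoundaryCheck on a local development chain and call overBurnReverts() before exactBurnSucceeds(), since the second call empties the balance.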
