The smart contract DecentralizedStableCoin
suffers from an issue in its burn
function, where an incorrect token burning check allows users to burn more tokens than they actually hold. This flaw can lead to financial losses, potential manipulation of the stablecoin's value, loss of user trust, and potential regulatory compliance issues.
The burn
function in the DecentralizedStableCoin
contract is intended to allow the owner to burn
a specific amount of tokens. However, a flawed check in the function poses a security risk. Below is the code snippet for the vulnerable burn function:
In the above code, the check for _amount
being less than the balance (balance < _amount)
is incorrect. It should have been _amount > balance
to ensure that the amount to burn does not exceed the balance of the caller. As a result, any user, including potential attackers, can burn more tokens than they actually own.
Unauthorized Token Burning: Malicious users can exploit this vulnerability to burn a larger number of tokens than they possess, resulting in unauthorized token burning and a corresponding reduction in the token's total supply.
Manual
The correct check should be _amount > balance
.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.