The primary objective of the DSCEngine.sol
contract is to facilitate collateral deposits and DSC token minting. However, without supported collateral tokens, the DSCEngine contract becomes ineffective, rendering all of its functionalities inoperative.
In the present contract version, it is possible to deploy the DSCEngine without supported tokens and without price feeds.
Consequently, this leads to a non-functional "brick" contract that essentially remains idle and unresponsive—a non-functional entity.
The DSCEngine.sol
constructor accepts two arrays of addresses - address[] tokenAddresses
and address[] priceFeedAddresses
.
While there is a validation that ensures the length of both arrays match, there is currently no check to ensure that the arrays are not empty (with a length of 0). As a result, it is possible, whether accidentally or intentionally, to deploy the contract without any supported collateral tokens for the engine.
Such a state is undesirable, as it defeats the purpose of the contract, rendering it unable to facilitate the minting of DSC tokens. To prevent this scenario and ensure the contract's proper functionality, a check should be implemented to ensure that both arrays contain at least one address.
The whole DSCEngine contract can be broken.
VSCode
Add a check to the DSCEngine constructor that at least one of the supplied array lengths is greater than 0:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.