Unneccessary health check stops users from lowering their debt.
Summary
A unneccessary health check stops users from lowering their debt.
Vulnerability Details
The burnDsc method in DSCEngine implements a health check at the end of the function:
This health check is unneccessary and overly restrictive, as burning DSC means reducing debt, i.e., the health factor can only improve. The only situation in which this line would revert is when a user is already below the minimum health factor and reduces some of their debt by calling burnDsc, after which they are still below the minimum health factor, just not as much as before. This is overall positive for the system.
Impact
The above scenario is a legitimate operation a user might want to perform to reduce the amount of funds they would lose in a liquidation:
A user has borrowed 100 DSC and supplied 100 collateral tokens. He falls below the minimum health factor and is thus liquidatable. He currently only has access to 10 DSC, which is not sufficient to improve the health factor enough to be above the threshold. However, he could still burn the 10 remaining DSC to reduce his debt, meaning the 10% liquidation fee will only be applied on the reduced debt, saving him money. But, the health check in burnDsc would not let him to that.
Tools Used
None
Recommendations
Remove the health check in burnDsc.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.