Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: gas

Valid

QA

tsar

QA

Function Visibility [1]

Order of Functions: Ordering helps readers identify which functions they can call and to find the constructor and fallback definitions easier. Functions should be grouped according to their visibility and ordered: constructor, receive function (if exists), fallback function (if exists), external, public, internal, private. Within a grouping, place the view and pure functions last.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DecentralizedStableCoin.sol

// place this external function before the public one.

57: function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol

// place these public functions right after external ones.

149: function depositCollateral(address tokenCollateralAddress, uint256 amountCollateral)

183: function redeemCollateral(address tokenCollateralAddress, uint256 amountCollateral)

197: function mintDsc(uint256 amountDscToMint) public moreThanZero(amountDscToMint) nonReentrant {

212: function burnDsc(uint256 amount) public moreThanZero(amount) {

340: function getTokenAmountFromUsd(address token, uint256 usdAmountInWei) public view returns (uint256) {

350: function getAccountCollateralValue(address user) public view returns (uint256 totalCollateralValueInUsd) {

361: function getUsdValue(address token, uint256 amount) public view returns (uint256) {

// place these private functions after for last

272: function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {

282: function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)

297: function _getAccountInformation(address user)

310: function _healthFactor(address user) private view returns (uint256) {

// place these internal functions right before private ones

317: function _revertIfHealthFactorIsBroken(address user) internal view {

324: function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)

// place these external functions first

369: function getAccountInformation(address user)

377: function getAdditionalFeedPrecision() external pure returns (uint256) {

381: function getPrecision() external pure returns (uint256) {

385: function calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)

393: function getHealthFactor(address user) external view returns (uint256) {

397: function getLiquidationBonus() external pure returns (uint256) {

401: function getCollateralTokenPriceFeed(address token) external view returns (address) {

405: function getCollateralTokens() external view returns (address[] memory) {

409: function getMinHealthFactor() external pure returns (uint256) {

413: function getLiquidationThreshold() external pure returns (uint256) {

417: function getCollateralBalanceOfUser(address user, address token) external view returns (uint256) {

421: function getDsc() external view returns (address) {

natSpec missing [2]

Some functions are missing @params or @returns. Specification Format.” These are written with a triple slash (///) or a double asterisk block(/** ... */) directly above function declarations or statements to generate documentation in JSON format for developers and end-users. It is recommended that Solidity contracts are fully annotated using NatSpec for all public interfaces (everything in the ABI). These comments contain different types of tags:

@title: A title that should describe the contract/interface @author: The name of the author (for contract, interface)
@notice: Explain to an end user what this does (for contract, interface, function, public state variable, event)
@dev: Explain to a developer any extra details (for contract, interface, function, state variable, event)
@param: Documents a parameter (just like in doxygen) and must be followed by parameter name (for function, event)
@return: Documents the return variables of a contract’s function (function, public state variable)
@inheritdoc: Copies all missing tags from the base function and must be followed by the contract name (for function, public state variable)
@custom…: Custom tag, semantics is application-defined (for everywhere)

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DecentralizedStableCoin.sol

40: error DecentralizedStableCoin__MustBeMoreThanZero();

41: error DecentralizedStableCoin__BurnAmountExceedsBalance();

42: error DecentralizedStableCoin__NotZeroAddress();

44: constructor() ERC20("DecentralizedStableCoin", "DSC") {}

46: function burn(uint256 _amount) public override onlyOwner {

57: function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol

53: error DSCEngine__NeedsMoreThanZero();

54: error DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();

55: error DSCEngine__NotAllowedToken();

56: error DSCEngine__TransferFailed();

57: error DSCEngine__BreaksHealthFactor(uint256 healthFactor);

58: error DSCEngine__MintFailed();

59: error DSCEngine__HealthFactorOk();

60: error DSCEngine__HealthFactorNotImproved();

87: event CollateralDeposited(address indexed user, address indexed token, uint256 indexed amount);

88: event CollateralRedeemed(

95: modifier moreThanZero(uint256 amount) {

102: modifier isAllowedToken(address token) {

112: constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {