Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Users may not burn DSC in some situations

iurii2002

Summary

Protocol designed to be 200% overcollateralized. This mean that user should provide at least 2 USD collateral for every 1 DSC got from protocol.

Vulnerability Details

If user's health factor significantly dropped but not yet get liquidated, they may only cover debt in a way to health factor become bigger then MIN_HEALTH_FACTOR.

Consider

Alice deposited $200 of weth into protocol and minter $100 of DSC.
Price of weth dropped and not Alice has $150 of weth collateral and $100 DSC debt. Position is now insolvent but not yet liquidated.
Alice used $90 of DSC for some activity but holds other $10 and want to repay these $10 to improve her health factor a bit while searching for additional funding.
It would be impossible as health factor would be still broken and engine would not allow her to do so.

Impact

Users may lots funds on liquidation that would be possible to save

Tools Used

Foundry tests

function testCanBurnDscTwoCollaterals() public {

vm.startPrank(user);

ERC20Mock(weth).approve(address(dsce), amountCollateral);

int256 wethUsdUpdatedPrice = 200e8; // 1 ETH = $200

MockV3Aggregator(ethUsdPriceFeed).updateAnswer(wethUsdUpdatedPrice);

// deposit $200, mint $100

uint256 dscWethAmountToMint = 100 ether;

dsce.depositCollateralAndMintDsc(weth, 1 ether, dscWethAmountToMint);

// current user status:

// Deposit:

// * $200 weth

// Loan:

// * $100 dsc

wethUsdUpdatedPrice = 150e8; // 1 ETH = $150

MockV3Aggregator(ethUsdPriceFeed).updateAnswer(wethUsdUpdatedPrice);

// Now user is insolvent. Current user status:

// Deposit:

// * $150 weth

// Loan:

// * $100 dsc

uint256 smallAmountToBurn = 10 ether;

dsc.approve(address(dsce), dscWethAmountToMint);

dsce.burnDsc(smallAmountToBurn);

vm.stopPrank();

uint256 userBalance = dsc.balanceOf(user);

assertEq(userBalance, dscWethAmountToMint - smallAmountToBurn);

}

Result

Running 1 test for test/unit/DSCEngineTest.t.sol:DSCEngineTest

[FAIL. Reason: DSCEngine__BreaksHealthFactor(833333333333333333 [8.333e17])] testCanBurnDscTwoCollaterals() (gas: 439245)

Test result: FAILED. 0 passed; 1 failed; finished in 3.11ms

Recommendations

Allow users to improve health factor while burning DSC while still be insolvent

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.