Submission Details
Severity: high

Users can mint unlimited DSC by depositing just 1e18 as collateral

Summary

Users can mint unlimited DSC through the depositCollateralAndMintDsc function by depositing just 1e18 as collateral.

Vulnerability Details

The depositCollateralAndMintDsc function takes three parameters: tokenCollateralAddress, amountCollateral, and amountDscToMint. It first calls the depositCollateral function to deposit the specified collateral amount. Then, it calls the mintDsc function to mint the specified DSC amount.

The mintDsc function takes the amountDscToMint parameter and mints the specified DSC amount for msg.sender. It adds the minted amount to the s_DSCMinted mapping for that user and then checks the health factor to ensure it doesn't break any rules.

Here's the problem. The mintDsc function doesn't check whether the user has enough collateral to back the minted DSC tokens. It simply mints the requested amount. So, if a user calls the depositCollateralAndMintDsc function with amountCollateral as 1e18 (the minimum allowed collateral), they can specify any amountDscToMint they want, and the contract will mint that amount without any consideration of their collateral backing.

Impact

Users can mint unlimited DSC tokens without collateral backing.

Tools Used

Manual review

Recommendations

The contract should perform proper checks to ensure that the amount of DSC minted is appropriately backed by collateral.
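
One way to express the kind of check this recommendation asks for, as an added Solidity example that is not the audited project's code. The contract name, function names, the fixed collateral price and the 200% collateralization rule are all assumptions made for illustration, and the example tracks balances only and moves no tokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the audited contract. Every name and constant
/// here is hypothetical.
contract CollateralCheckedMint {
    error ZeroAmount();
    error HealthFactorBroken(uint256 healthFactor);

    uint256 private constant PRECISION = 1e18;
    uint256 private constant MIN_HEALTH_FACTOR = 1e18;
    // Assumption: only 50% of collateral value counts, i.e. 200% overcollateralization.
    uint256 private constant LIQUIDATION_THRESHOLD = 50;
    uint256 private constant LIQUIDATION_PRECISION = 100;
    // Assumption: fixed USD price (18 decimals) per 1e18 units of collateral.
    // A production system would read this from a price oracle.
    uint256 private constant COLLATERAL_USD_PRICE = 2000e18;

    mapping(address => uint256) public collateralDeposited;
    mapping(address => uint256) public debtMinted;

    function depositAndMint(uint256 amountCollateral, uint256 amountToMint) external {
        if (amountCollateral == 0 || amountToMint == 0) revert ZeroAmount();
        collateralDeposited[msg.sender] += amountCollateral;
        debtMinted[msg.sender] += amountToMint;
        // Checked after the debt update so the new mint is included in the
        // ratio. A revert here rolls back both storage writes above.
        uint256 hf = healthFactor(msg.sender);
        if (hf < MIN_HEALTH_FACTOR) revert HealthFactorBroken(hf);
    }

    function healthFactor(address user) public view returns (uint256) {
        uint256 debt = debtMinted[user];
        if (debt == 0) return type(uint256).max;
        uint256 collateralUsd = (collateralDeposited[user] * COLLATERAL_USD_PRICE) / PRECISION;
        uint256 adjusted = (collateralUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;
        return (adjusted * PRECISION) / debt;
    }
}
```

With these assumed constants, a deposit of 1e18 collateral supports at most 1000e18 of minted debt; a call requesting 1001e18 reverts with HealthFactorBroken and leaves both mappings unchanged.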
