The issue lies in the burnFrom
function of the DecentralizedStableCoin.sol, allowing users to bypass _burnDsc
and burn tokens directly without proper checks**.** This manipulation results in an inaccurate s_DSCMinted
value of the user. When we call burnFrom
function the total supply of DSC will decrease but s_DSCMinted
won’t reflect the changes where as it would correctly update with the intended burn functions.
DecentralizedStableCoin.sol inherits from ERC20Burnable.sol. ERC20Burnable implements two functions on top of ERC20 contract. These are burn and burnFrom. In DecentralizedStableCoin we have the onlyOwner modifier for burn function but no such checks for burnFrom
function. Following test shows that the user can call burnFrom function.
Currently this vulnerability does not pose any significant security risk as it only affects the user that calls the burnFrom function. However any protocol that relies on DSC could get inaccurate balance and total supply data if they use the s_DSCMinted mapping. This vulnerability allows burner to bypass healthFactor checks that are implemented in intended burn function.
Foundry, manual test.
Override the burnFrom function in the DecentralizedStableCoin.sol and give it the onlyOwner modifier.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.