15,000 USDC
Submission Details
Severity: low
Valid

Low severity bugs

[01] DSCEngine may have no access to the mint and burn methods of DecentralizedStableCoin

DecentralizedStableCoin.mint() and DecentralizedStableCoin.burn() are onlyOwner. DSCEngine's constructor does not deploy the stablecoin; it takes an already-deployed dscAddress and stores it in the immutable i_dsc. Ownership of the coin therefore ends up with the engine only if the deployer explicitly calls transferOwnership(address(dscEngine)) after deploying both contracts. If that step is skipped, DSCEngine.mintDsc() and every path through _burnDsc() (burnDsc, redeemCollateralForDsc, liquidate) revert with Ownable's "caller is not the owner" error, because only the owner can mint or burn, and the engine stays unusable until ownership is transferred. The repository's deploy script does perform this transfer, so the exposure is limited to deployments that bypass the script.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DecentralizedStableCoin.sol#L46

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DecentralizedStableCoin.sol#L57

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L112

Recommendation

Use i_dsc = new DecentralizedStableCoin(); in the constructor of DSCEngine and drop the dscAddress parameter. Ownable assigns ownership to msg.sender, which inside the engine's constructor is the engine itself, so no separate transferOwnership step can be forgotten. If the external address must be kept, have the deploy script assert dsc.owner() == address(dscEngine) after the transfer so that a misconfigured deployment fails immediately instead of at the first mint.

[02] Underflow/Overflow handling missing in the contract

The function _burnDsc() doesn't check amountDscToBurn against s_DSCMinted[onBehalfOf] before subtracting it. Because the contract is compiled with Solidity 0.8 checked arithmetic, the subtraction cannot wrap; it reverts with Panic(0x11) instead. The result is an opaque arithmetic panic rather than one of the descriptive custom errors DSCEngine uses elsewhere, which makes the failure hard to diagnose for callers and front ends.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L273

Similarly, _redeemCollateral() doesn't check amountCollateral against s_collateralDeposited[from][tokenCollateralAddress] before subtracting, and fails with the same bare Panic(0x11).

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L285C1-L285C1

Recommendation

Add a check that amountDscToBurn <= s_DSCMinted[onBehalfOf] before subtracting, reverting with a custom error otherwise.

Add a check that amountCollateral <= s_collateralDeposited[from][tokenCollateralAddress] before subtracting, reverting with a custom error otherwise.
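The following Foundry test is an added example, not code from the Cyfrin repository. It reproduces the accounting of the two private functions in a minimal contract and contrasts the bare subtraction (which surfaces as Panic(0x11)) with the pre-checked version that reverts with a descriptive custom error. It assumes forge-std is available; the custom error names DSCEngine__BurnExceedsMinted and DSCEngine__RedeemExceedsDeposited are invented for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example, not code from the Cyfrin repository. Assumes forge-std;
// the custom error names below are invented for this illustration.
import {Test, stdError} from "forge-std/Test.sol";

contract AccountingExample {
    error DSCEngine__BurnExceedsMinted(uint256 requested, uint256 minted);
    error DSCEngine__RedeemExceedsDeposited(uint256 requested, uint256 deposited);

    mapping(address => uint256) private s_DSCMinted;
    mapping(address => mapping(address => uint256)) private s_collateralDeposited;

    // Seeding helper so the example is exercisable without the rest of the engine.
    function seed(address user, address token, uint256 minted, uint256 deposited) external {
        s_DSCMinted[user] = minted;
        s_collateralDeposited[user][token] = deposited;
    }

    // Pattern currently used by _burnDsc / _redeemCollateral: checked arithmetic
    // reverts on underflow with Panic(0x11), which says nothing about the cause.
    function burnUnchecked(address onBehalfOf, uint256 amountDscToBurn) external {
        s_DSCMinted[onBehalfOf] -= amountDscToBurn;
    }

    function redeemUnchecked(address from, address token, uint256 amountCollateral) external {
        s_collateralDeposited[from][token] -= amountCollateral;
    }

    // Recommended pattern: validate first, then revert with a descriptive custom error.
    function burnChecked(address onBehalfOf, uint256 amountDscToBurn) external {
        uint256 minted = s_DSCMinted[onBehalfOf];
        if (amountDscToBurn > minted) revert DSCEngine__BurnExceedsMinted(amountDscToBurn, minted);
        s_DSCMinted[onBehalfOf] = minted - amountDscToBurn;
    }

    function redeemChecked(address from, address token, uint256 amountCollateral) external {
        uint256 deposited = s_collateralDeposited[from][token];
        if (amountCollateral > deposited) revert DSCEngine__RedeemExceedsDeposited(amountCollateral, deposited);
        s_collateralDeposited[from][token] = deposited - amountCollateral;
    }
}

contract AccountingExampleTest is Test {
    AccountingExample internal engine;
    address internal constant USER = address(0xBEEF); // constructed sample account
    address internal constant WETH = address(0xCAFE); // constructed sample collateral token

    function setUp() public {
        engine = new AccountingExample();
        engine.seed(USER, WETH, 100 ether, 1 ether);
    }

    function test_uncheckedPathsRevertWithPanic() public {
        vm.expectRevert(stdError.arithmeticError); // Panic(0x11)
        engine.burnUnchecked(USER, 101 ether);

        vm.expectRevert(stdError.arithmeticError);
        engine.redeemUnchecked(USER, WETH, 2 ether);
    }

    function test_checkedPathsRevertWithCustomError() public {
        vm.expectRevert(
            abi.encodeWithSelector(AccountingExample.DSCEngine__BurnExceedsMinted.selector, 101 ether, 100 ether)
        );
        engine.burnChecked(USER, 101 ether);

        vm.expectRevert(
            abi.encodeWithSelector(AccountingExample.DSCEngine__RedeemExceedsDeposited.selector, 2 ether, 1 ether)
        );
        engine.redeemChecked(USER, WETH, 2 ether);

        // In-range amounts still succeed on the checked paths.
        engine.burnChecked(USER, 100 ether);
        engine.redeemChecked(USER, WETH, 1 ether);
    }
}
```

Run it with forge test; the first test shows the failure mode reported above, the second shows that the recommended check produces an error carrying the requested and available amounts, which is what a caller or front end needs to explain the revert.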

[03] Zero address check missing in constructor

There is no check for address(0) on the dscAddress parameter of the constructor. i_dsc is immutable, so if address(0) is passed every mintDsc() call and every burn path reverts on the external call to the non-existent contract, and the engine has to be redeployed.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L112-L123

Recommendation

Add a check that dscAddress != address(0) and revert with a custom error otherwise. The same check is worth applying to each entry of tokenAddresses and priceFeedAddresses in the constructor loop, which currently only verifies that the two arrays have the same length.
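The following Foundry test is an added example covering both constructor issues ([01] and [03]); it is not code from the Cyfrin repository. MiniDsc stands in for DecentralizedStableCoin (owner-gated mint, transferable ownership, deployer becomes owner as with OpenZeppelin Ownable v4), EngineExternalDsc mirrors the current wiring with the zero-address check added, and EngineDeploysDsc applies the recommendation from [01]. It assumes forge-std is available; the error names are invented here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added example, not code from the Cyfrin repository. Assumes forge-std;
// MiniDsc and the error names are stand-ins invented for this illustration.
import {Test} from "forge-std/Test.sol";

contract MiniDsc {
    error NotOwner();
    address public owner = msg.sender; // like OpenZeppelin Ownable v4: deployer becomes owner
    mapping(address => uint256) public balanceOf;

    function transferOwnership(address newOwner) external {
        if (msg.sender != owner) revert NotOwner();
        owner = newOwner;
    }

    function mint(address to, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        balanceOf[to] += amount;
    }
}

// Mirrors the current DSCEngine wiring: takes a pre-deployed coin address.
contract EngineExternalDsc {
    error DSCEngine__ZeroAddress();
    MiniDsc public immutable i_dsc;

    constructor(address dscAddress) {
        if (dscAddress == address(0)) revert DSCEngine__ZeroAddress(); // check from [03]
        i_dsc = MiniDsc(dscAddress);
    }

    function mintDsc(uint256 amount) external {
        i_dsc.mint(msg.sender, amount); // reverts unless this engine owns the coin
    }
}

// Recommendation from [01]: the engine deploys the coin, so it is the owner from the start.
contract EngineDeploysDsc {
    MiniDsc public immutable i_dsc;

    constructor() {
        i_dsc = new MiniDsc(); // msg.sender inside MiniDsc's constructor is this engine
    }

    function mintDsc(uint256 amount) external {
        i_dsc.mint(msg.sender, amount);
    }
}

contract ConstructorWiringTest is Test {
    function test_zeroDscAddressIsRejected() public {
        vm.expectRevert(EngineExternalDsc.DSCEngine__ZeroAddress.selector);
        new EngineExternalDsc(address(0));
    }

    function test_externalDscNeedsOwnershipTransfer() public {
        MiniDsc dsc = new MiniDsc(); // this test contract is the owner, as a deployer EOA would be
        EngineExternalDsc engine = new EngineExternalDsc(address(dsc));

        // Forgotten transferOwnership: every mint through the engine reverts.
        vm.expectRevert(MiniDsc.NotOwner.selector);
        engine.mintDsc(1 ether);

        // The post-deploy step the deployer must perform, and should assert on.
        dsc.transferOwnership(address(engine));
        assertEq(dsc.owner(), address(engine));
        engine.mintDsc(1 ether);
        assertEq(dsc.balanceOf(address(this)), 1 ether);
    }

    function test_engineDeployedDscMintsImmediately() public {
        EngineDeploysDsc engine = new EngineDeploysDsc();
        assertEq(engine.i_dsc().owner(), address(engine));
        engine.mintDsc(1 ether);
        assertEq(engine.i_dsc().balanceOf(address(this)), 1 ether);
    }
}
```

The second test is the one to keep in mind when reviewing a deploy script: the assertEq on dsc.owner() after the transfer is the cheap check that turns a silently broken deployment into a failing script.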
