When users deposit and redeem collateral token, it always assumed that amountCollateral
is always equal to the transferred or received amount, this will cause issue if the collateral used has fee on transfer, breaking the protocol accounting.
depositCollateral
assume that amountCollateral
that added to s_collateralDeposited
equal to collateral transferred from users :
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L149-L161
_redeemCollateral
also do the same thing :
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L281-L291
This will cause internal accounting inaccurate and eventually break the protocol
Manual review
Consider to check before and after transfer balance, and used the diff for accounting for updating s_collateralDeposited
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.