Submission Details
Severity: high

First couple of users who mints DSC tokens can redeem the collateral without burning the tokens

Summary

Collateral can be redeemed and DSC tokens kept

Vulnerability Details

DecentralisedStableCoin.redeemCollateral() is a public function and carries the following comment: "@notice If you have DSC minted, you will not be able to redeem until you burn your DSC", yet I don't see how the protocol prevents this.

DecentralisedStableCoin.redeemCollateral() calls the private function _redeemCollateral(), which subtracts the collateral amount from the s_collateralDeposited mapping for the user who initiates the withdrawal and transfers the collateral tokens to the user. After that, redeemCollateral() calls _revertIfHealthFactorIsBroken(), which calculates the health factor. If a user deposited 1 WETH as collateral (1849 dollars), their health factor is 1849 * 50 (LIQUIDATION_THRESHOLD) / 100 (LIQUIDATION_PRECISION) = 924.5. 924.5 scaled to 1e18 is 924,500,000,000,000,000,000. Then we divide this by totalDscMinted. Suppose this user is the first one to deposit collateral and mint DSC. Then, according to the equation, the user's health factor will be fine and _revertIfHealthFactorIsBroken() won't revert redeemCollateral().

In summary, there will be a period of time in which not many DSC tokens have been minted, and in that period a user can deposit collateral, mint tokens and redeem the collateral without burning the tokens.
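To make the arithmetic above checkable, here is an added model of the health-factor check as the report describes it (this is example code written for this page, not the protocol's Solidity). It computes collateral value times LIQUIDATION_THRESHOLD / LIQUIDATION_PRECISION, scaled to 1e18 and divided by totalDscMinted, reproduces the 924,500,000,000,000,000,000 figure for 1 WETH at 1849 dollars, and then runs the redeem flow as described: subtract the collateral first, then run the check. The report does not state a minimum health factor, what happens when totalDscMinted is zero, or a price feed, so the model assumes a floor of 1e18, a maximal health factor when nothing is minted, and a constant WETH price; the names Account, scenario, health_factor and HealthFactorBroken are the model's own.

```python
# Added model of the health-factor check the report walks through.
# LIQUIDATION_THRESHOLD, LIQUIDATION_PRECISION, the 1e18 scaling and the
# 1849-dollar WETH price are quoted from the report. MIN_HEALTH_FACTOR and the
# "no debt means maximal health factor" rule are ASSUMPTIONS, not page facts.

PRECISION = 10**18                 # 18-decimal fixed point, as in the report
LIQUIDATION_THRESHOLD = 50         # from the report: 50% of collateral counts
LIQUIDATION_PRECISION = 100        # from the report
MIN_HEALTH_FACTOR = 10**18         # ASSUMPTION: a health factor of 1.0 is the floor
MAX_UINT256 = 2**256 - 1           # ASSUMPTION: returned when nothing is minted

WETH_PRICE_USD = 1849              # constructed constant price, from the report


class HealthFactorBroken(Exception):
    """Raised where the protocol's _revertIfHealthFactorIsBroken() would revert."""


def collateral_value_usd(weth_wei: int) -> int:
    """USD value of a WETH amount in 18-decimal fixed point (constant price)."""
    return weth_wei * WETH_PRICE_USD


def threshold_adjusted_collateral(collateral_usd: int) -> int:
    """Collateral value scaled by LIQUIDATION_THRESHOLD / LIQUIDATION_PRECISION."""
    return collateral_usd * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION


def health_factor(total_dsc_minted: int, collateral_usd: int) -> int:
    """The report's formula: adjusted collateral * 1e18 / totalDscMinted."""
    if total_dsc_minted == 0:
        return MAX_UINT256  # ASSUMPTION: no debt is treated as fully healthy
    return threshold_adjusted_collateral(collateral_usd) * PRECISION // total_dsc_minted


class Account:
    """Minimal user position: deposited WETH (wei) and minted DSC (wei)."""

    def __init__(self) -> None:
        self.collateral_wei = 0
        self.dsc_minted = 0

    def _revert_if_health_factor_is_broken(self) -> None:
        hf = health_factor(self.dsc_minted, collateral_value_usd(self.collateral_wei))
        if hf < MIN_HEALTH_FACTOR:
            raise HealthFactorBroken(f"health factor {hf} < {MIN_HEALTH_FACTOR}")

    def deposit_collateral(self, weth_wei: int) -> None:
        self.collateral_wei += weth_wei

    def mint_dsc(self, amount: int) -> None:
        self.dsc_minted += amount
        self._revert_if_health_factor_is_broken()

    def redeem_collateral(self, weth_wei: int) -> bool:
        """Mirror of the described flow: subtract collateral, then run the check.
        Returns True if the redemption passes; False (and rolls back) where the
        protocol would revert."""
        if weth_wei > self.collateral_wei:
            raise ValueError("insufficient collateral")
        self.collateral_wei -= weth_wei
        try:
            self._revert_if_health_factor_is_broken()
        except HealthFactorBroken:
            self.collateral_wei += weth_wei  # undo the state change, as a revert would
            return False
        return True


def scenario(mint_amount: int, redeem_wei: int) -> tuple[int, bool]:
    """Deposit 1 WETH, mint `mint_amount` DSC, then try to redeem `redeem_wei`.
    Returns (health factor after minting, whether the redemption passed)."""
    acct = Account()
    acct.deposit_collateral(1 * PRECISION)
    if mint_amount:
        acct.mint_dsc(mint_amount)
    hf_after_mint = health_factor(acct.dsc_minted, collateral_value_usd(acct.collateral_wei))
    return hf_after_mint, acct.redeem_collateral(redeem_wei)


if __name__ == "__main__":
    adjusted = threshold_adjusted_collateral(collateral_value_usd(1 * PRECISION))
    print(f"threshold-adjusted value of 1 WETH: {adjusted}")
    print("no DSC minted, redeem 1 WETH:", scenario(0, 1 * PRECISION))
    print("900 DSC minted, redeem 1 WETH:", scenario(900 * PRECISION, 1 * PRECISION))
    print("900 DSC minted, redeem 0.02 WETH:", scenario(900 * PRECISION, PRECISION // 50))
    print("900 DSC minted, redeem 0.03 WETH:", scenario(900 * PRECISION, 3 * PRECISION // 100))
```

Running the scenarios shows where the check bites under these assumptions: with no DSC minted any redemption passes, while with 900 DSC outstanding against 1 WETH the position can shed only the slice of collateral that keeps the adjusted value at or above the minted amount, and redeeming everything fails the check. Whoever verifies the finding can swap in the protocol's actual constants and price to compare against the figures in the report.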

Impact

If collateral is redeemed and the tokens are not burned, the price of the DSC token will drop.

Tools Used

Manual Review

Recommendations

Make redeemCollateral() internal so that it can only be called from within redeemCollateralForDsc().
