15,000 USDC
View results
Submission Details
Severity: high

Prevention of liquidation

Summary

The "liquidate" function contains a critical vulnerability that could result in failed liquidation transactions. The vulnerability arises from the absence of a check to ensure that the user has provided the necessary approval to burn their DSC tokens during the liquidation process. This missing approval check could lead to a scenario where the liquidator is unable to burn the DSC tokens and, consequently, fail to complete the liquidation, potentially resulting in significant financial losses for the protocol and liquidators.

Vulnerability Details

function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
s_DSCMinted[onBehalfOf] -= amountDscToBurn;
bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);
// This conditional is hypothtically unreachable
if (!success) {
revert DSCEngine__TransferFailed();
}
i_dsc.burn(amountDscToBurn);
}

_burnDsc has a transferFrom function call, which will revert if allowance not provided for the protocol

Impact

This missing approval check could lead to a scenario where the liquidator is unable to burn the DSC tokens and, consequently, fail to complete the liquidation, potentially resulting in significant financial losses for the protocol and liquidators.

Tools Used

Manual Review

Recommendations

To address this vulnerability and ensure the proper functioning of the liquidation process, I recommend implementing the following changes:

Add Approval Check: Before attempting to burn the DSC tokens, verify that the user has approved the liquidation contract to spend the required amount of DSC tokens. This can be achieved using the ERC-20 allowance function to verify the user's allowance for the liquidation contract.

Handle Insufficient Approval: If the user has not provided the necessary approval for burning DSC tokens, the "liquidate" function should gracefully handle this situation and revert the transaction with a clear error message, indicating that the user must approve the contract to proceed with the liquidation.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.