15,000 USDC
View results
Submission Details
Severity: medium

Missing Input Validation could allow Underflow possibilities

Summary

Missing Input Validation could allow Underflow possibilities in L273 and L285 of contract DSCEngine.sol contract after Subtraction Operation.

Vulnerability Details

272. function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
273. s_DSCMinted[onBehalfOf] -= amountDscToBurn;
...
282. function _redeemCollateral(address from, address to, address tokenCollateralAddress, uint256 amountCollateral)
283. private
284. {
285. s_collateralDeposited[from][tokenCollateralAddress] -= amountCollateral;
...

These codes shows that an underflow is possible without validation check depending on the incoming value of uint amountDscToBurn and uint256 amountCollateral parameters respectively

Impact

Missing Input Validation could allow Underflow possibilities in L273 and L285 of contract DSCEngine.sol contract after Subtraction Operation which could jeopardize the integrity of accurate calculation and a possible loss of fund.

Tools Used

Solidity, Hardhat

Recommendations

An Input validation check is necessary to avoid underflow from subtraction of large number from a smaller number. Another good recommendation is to use safeMath Library in carrying out these calculations as they are fund sensitive.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.