Submission Details
Severity: medium
Valid

Total-supply decrease uncontrolled by DSCEngine

Summary

Anyone who has received an allowance for a certain amount of DSC from the token holder can call the burnFrom function to burn that DSC and remove it from circulation, without the DSCEngine ever seeing the burn.

Vulnerability Details

There is no concern about transfer and transferFrom, because the DSC does not leave circulation: the user can acquire it again and burn it through the engine to recover their collateral. However, burnFrom burns the coin with zero benefit to the user who holds the collateral, because the minted amount and the collateral recorded in the DSCEngine contract do not change.

Impact

The impact may be a shortage of supply, and some users' collateral may get stuck in the protocol: the user's health factor in the engine is not broken, so the position cannot be liquidated, yet the user no longer holds the DSC needed to burn through the engine and redeem.

The POC

The scenario may arise simply from a user using their DSC to buy some other coin (granting an allowance to a third party)...
function testIfMaliciousActorCanBurnDSC() public depositedCollateralAndMintedDsc {
    // A malicious actor ("breaker") phishes the user into approving DSC.
    // This is plausible because approvals are mostly granted manually in the front end.
    vm.startPrank(user);
    dsc.approve(breaker, amountToMint);
    vm.stopPrank();
    // breaker can now call burnFrom to burn the user's DSC tokens.
    vm.startPrank(breaker);
    dsc.burnFrom(user, amountToMint);
    vm.stopPrank();
    // The user now holds no DSC and the tokens are gone from circulation, so the user
    // cannot redeem collateral. With transfer/transferFrom to another user the same
    // problem appears, but the user could reacquire DSC from the market and burn it
    // through the engine to redeem. burnFrom removes the tokens from circulation for good.
    vm.startPrank(user);
    // The redeem reverts: the engine still records amountToMint as minted, so pulling the
    // collateral breaks the health factor (expectRevert added so the test documents this).
    vm.expectRevert();
    dsce.redeemCollateral(weth, amountCollateral);
    vm.stopPrank();
    // Burning tokens outside of the protocol leads to an imbalance between total supply
    // and collateral supply.
    // Mitigation: override burnFrom to revert with DSC__BurnFromDisabled().
}

Tools Used

Foundry test suite

Recommendations

Overriding burnFrom and disabling it would protect the protocol from a shortage of supply and help secure users' collateral, since every supply decrease would then have to pass through the engine's accounting.
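As an added illustration of the recommendation (example code, not the audited project's source), the sketch below shows a stablecoin whose burnFrom override reverts with DSC__BurnFromDisabled, so the only way to reduce supply is the owner-only burn that the engine calls after updating its own minted-amount bookkeeping. It assumes OpenZeppelin v5 (the Ownable constructor takes the initial owner) and forge-std for the accompanying test; the contract name HardenedDSC, the error names and the amounts are assumptions chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

/// Illustrative hardened stablecoin (added example, not the audited project's code).
/// The engine is the owner; only it can mint and burn, and the allowance-based
/// burnFrom path is closed, so total supply can only fall through the engine.
contract HardenedDSC is ERC20Burnable, Ownable {
    error DSC__BurnFromDisabled();
    error DSC__MustBeMoreThanZero();
    error DSC__BurnAmountExceedsBalance();
    error DSC__NotZeroAddress();

    constructor() ERC20("DecentralizedStableCoin", "DSC") Ownable(msg.sender) {}

    /// Engine-only burn: the engine reduces its recorded minted amount, then calls this.
    function burn(uint256 _amount) public override onlyOwner {
        if (_amount == 0) revert DSC__MustBeMoreThanZero();
        if (balanceOf(msg.sender) < _amount) revert DSC__BurnAmountExceedsBalance();
        super.burn(_amount);
    }

    /// Close the allowance-based burn path entirely: an approval no longer lets a
    /// third party shrink supply behind the engine's back.
    function burnFrom(address, uint256) public pure override {
        revert DSC__BurnFromDisabled();
    }

    function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {
        if (_to == address(0)) revert DSC__NotZeroAddress();
        if (_amount == 0) revert DSC__MustBeMoreThanZero();
        _mint(_to, _amount);
        return true;
    }
}

/// Foundry test (added example) replaying the PoC against the hardened token:
/// the approved third party can no longer burn, and supply stays intact.
contract HardenedDSCTest is Test {
    HardenedDSC dsc;
    address engine = makeAddr("engine");   // plays the DSCEngine / owner role
    address user = makeAddr("user");
    address breaker = makeAddr("breaker");

    function setUp() public {
        vm.prank(engine);
        dsc = new HardenedDSC();           // deployer becomes owner
        vm.prank(engine);
        dsc.mint(user, 100 ether);         // constructed sample balance
    }

    function testApprovedThirdPartyCannotBurnFrom() public {
        vm.prank(user);
        dsc.approve(breaker, 100 ether);   // the phished approval from the PoC

        vm.prank(breaker);
        vm.expectRevert(HardenedDSC.DSC__BurnFromDisabled.selector);
        dsc.burnFrom(user, 100 ether);

        // Supply and the user's balance are untouched, so engine accounting still matches.
        assertEq(dsc.totalSupply(), 100 ether);
        assertEq(dsc.balanceOf(user), 100 ether);
    }

    function testOnlyOwnerCanBurn() public {
        vm.prank(user);
        vm.expectRevert();                 // Ownable rejects a non-owner burn
        dsc.burn(1 ether);
    }
}
```

Declaring the override `pure` is permitted because a function that only reverts reads no state; the stricter mutability is allowed when overriding a nonpayable base function. Leaving `burn` owner-only keeps the existing engine flow (engine pulls DSC from the user, updates its ledger, then burns) as the single path by which supply can shrink.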
