The DecentralizedStableCoin has a centralized ownership which allows the owner to mint without any restriction.
The DecentralizedStableCoin is supposed to be decentralized. However, the deployer of the DecentralizedStableCoin.sol contract becomes the owner and thus has all the onlyOwner rights on burn() and mint().
burn() has a check to ensure the caller of the function is only burning his tokens:
But the mint() function has no check, so the owner can mint as much as he wants without any restriction. Therefore it isn't a decentralized stablecoin, and moreover, if the owner is malicious, he could act against the protocol's interest.
The protocol is not decentralized.
Manual review
Make the DSCEngine.sol the owner of the DecentralizedStableCoin.sol or modify the docs to inform the users about this centralization risk.
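
A sketch of the first recommendation, added here as an illustration and not taken from the audited code base: OwnedToken, Engine and Deployer are hypothetical, simplified stand-ins for DecentralizedStableCoin.sol, DSCEngine.sol and a deployment step. It shows ownership being handed to the engine at deployment, so that minting is only reachable through the engine's collateral check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for the token: mint() is gated by onlyOwner only.
contract OwnedToken {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    error NotOwner();

    constructor() { owner = msg.sender; } // deployer becomes owner, as in the finding

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        owner = newOwner;
    }

    // No restriction beyond onlyOwner: whoever owns the token controls supply.
    function mint(address to, uint256 amount) external onlyOwner {
        balanceOf[to] += amount;
        totalSupply += amount;
    }
}

// Hypothetical engine: mints only against collateral sent with the call
// (1 wei : 1 token, an assumption made to keep the example short).
contract Engine {
    OwnedToken public immutable token;

    constructor(OwnedToken t) { token = t; }

    function depositAndMint() external payable {
        require(msg.value > 0, "no collateral");
        token.mint(msg.sender, msg.value);
    }
}

contract Deployer {
    function deploy() external returns (OwnedToken token, Engine engine) {
        token = new OwnedToken();                  // this contract is the owner for now
        engine = new Engine(token);
        token.transferOwnership(address(engine));  // hand minting rights to the engine
        assert(token.owner() == address(engine));  // no externally held key can mint
    }
}
```

Because this Engine exposes no path that calls transferOwnership, ownership cannot move again after deploy(); the same owner() check can be repeated against a live deployment to confirm who holds the minting rights.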