15,000 USDC
Submission Details
Severity: high

Liquidated users will still hold their DSC even after being liquidated.

Summary

Liquidated users will still hold their DSC even after being liquidated, because the liquidate function does not actually burn the user's DSC. Instead, it burns DSC from the liquidator.

Vulnerability Details

In a full liquidation of a user whose health factor is broken, the liquidator pays the whole amount of DSC being liquidated. The liquidate function sends the liquidator the collateral plus bonus and burns the liquidator's DSC. After being fully liquidated, a user should not hold any DSC anymore, but the _burnDsc function, which is called from liquidate, only reduces the user's entry in the s_DSCMinted mapping. In this scenario a fully liquidated user still holds their DSC, which is not a preferred situation.

Here is the _burnDsc function:

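    function _burnDsc(uint256 amountDscToBurn, address onBehalfOf, address dscFrom) private {
        // Reduce the debt recorded for onBehalfOf (the user being liquidated)
        s_DSCMinted[onBehalfOf] -= amountDscToBurn;
        // Pull the tokens from dscFrom (the liquidator), not from onBehalfOf
        bool success = i_dsc.transferFrom(dscFrom, address(this), amountDscToBurn);
        // This conditional is hypothetically unreachable
        if (!success) {
            revert DSCEngine__TransferFailed();
        }
        // Burn the amount that was just transferred in
        i_dsc.burn(amountDscToBurn);
    }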
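
The bookkeeping described above, as an added Python model that is not part of the submission or the project's code. The class, the mint helper (assumed to record debt and credit tokens to the same account) and the account names are assumptions; collateral, prices and the bonus are left out.

```python
# Added example: simplified model of the two ledgers touched by _burnDsc.
class DscModel:
    def __init__(self):
        self.balance = {}   # token balances held by each account
        self.minted = {}    # models s_DSCMinted: debt recorded per account

    def mint(self, account, amount):
        # Assumption: minting records debt and credits tokens to the same account.
        self.minted[account] = self.minted.get(account, 0) + amount
        self.balance[account] = self.balance.get(account, 0) + amount

    def burn_dsc(self, amount, on_behalf_of, dsc_from):
        # Mirrors _burnDsc: debt comes off on_behalf_of, tokens come from dsc_from.
        if self.minted.get(on_behalf_of, 0) < amount:
            raise ValueError("debt underflow")       # Solidity 0.8 would revert here
        if self.balance.get(dsc_from, 0) < amount:
            raise ValueError("transferFrom failed")  # payer lacks the tokens
        self.minted[on_behalf_of] -= amount
        self.balance[dsc_from] -= amount             # transferFrom + burn combined

    def liquidate(self, liquidator, user, debt_to_cover):
        # As the finding describes: the liquidator's tokens pay down the user's debt.
        self.burn_dsc(debt_to_cover, on_behalf_of=user, dsc_from=liquidator)


def full_liquidation_scenario():
    """Constructed scenario: both accounts mint 100, then user is fully liquidated."""
    m = DscModel()
    m.mint("user", 100)
    m.mint("liquidator", 100)
    m.liquidate("liquidator", "user", 100)
    return {
        "user_debt": m.minted["user"],
        "user_balance": m.balance["user"],
        "liquidator_debt": m.minted["liquidator"],
        "liquidator_balance": m.balance["liquidator"],
        "total_debt": sum(m.minted.values()),
        "total_tokens": sum(m.balance.values()),
    }


if __name__ == "__main__":
    for key, value in full_liquidation_scenario().items():
        print(f"{key}: {value}")
```

The returned state shows the user's recorded debt at zero while the user's token balance is untouched, with the tokens taken from the liquidator instead.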

Impact

Users will still hold their full DSC balance even after being liquidated.

Tools Used

Manual review

Recommendations

Reconsider the liquidation logic.
