15,000 USDC
Submission Details
Severity: medium
Valid

`Constructor` should check if tokenAddresses contains duplicates.

Summary

The deployer might include the same collateral token twice by mistake.

In that case, the collateral value might be counted twice and thus inflated by a factor of 2.

```solidity
constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
    // USD Price Feeds
    if (tokenAddresses.length != priceFeedAddresses.length) {
        revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
    }
    // For example ETH / USD, BTC / USD, MKR / USD, etc
    for (uint256 i = 0; i < tokenAddresses.length; i++) {
        s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i]; //@audit - should check if there's duplicate tokenAddresses, or double entry token
        s_collateralTokens.push(tokenAddresses[i]);
    }
    i_dsc = DecentralizedStableCoin(dscAddress);
}
```

Impact

Collateral value and borrowing power might be inflated by a factor of 2.
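The mechanism behind this impact, as an added example that is not the project's DSCEngine code: a minimal model in which account value is summed per entry of the collateral list, so a token listed twice contributes twice. It assumes the engine values an account by iterating `s_collateralTokens`; the contract name, the fixed USD prices standing in for price feeds, and the `rejectDuplicates` switch are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration (hypothetical names): fixed USD prices replace the price
// feeds, and deposits are plain balances recorded by the caller.
contract CollateralListModel {
    error DuplicateCollateral(address token);
    error ZeroPrice(address token);

    mapping(address => uint256) public priceUsd; // token => USD price (assumed fixed)
    mapping(address => mapping(address => uint256)) public deposited; // user => token => amount
    address[] public collateralTokens;

    // rejectDuplicates = false reproduces the unchecked registration loop.
    constructor(address[] memory tokens, uint256[] memory prices, bool rejectDuplicates) {
        require(tokens.length == prices.length, "length mismatch");
        for (uint256 i = 0; i < tokens.length; i++) {
            // A zero price would make the "already registered" sentinel below unreliable.
            if (prices[i] == 0) revert ZeroPrice(tokens[i]);
            if (rejectDuplicates && priceUsd[tokens[i]] != 0) {
                revert DuplicateCollateral(tokens[i]);
            }
            priceUsd[tokens[i]] = prices[i];
            collateralTokens.push(tokens[i]);
        }
    }

    function deposit(address token, uint256 amount) external {
        deposited[msg.sender][token] += amount;
    }

    // Sums value once per list entry, so a token that appears twice in
    // collateralTokens is counted twice for the same deposit.
    function collateralValueUsd(address user) external view returns (uint256 total) {
        for (uint256 i = 0; i < collateralTokens.length; i++) {
            address token = collateralTokens[i];
            total += deposited[user][token] * priceUsd[token];
        }
    }
}
```

Deploying with the same token in both array slots and `rejectDuplicates` set to `false` makes `collateralValueUsd` return double the value of a single deposit; with `true`, the constructor reverts with `DuplicateCollateral`.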

Tool used

Manual Review

Recommendation

Constructor should check if tokenAddresses has duplicates.

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L112-L123

constructor(address[] memory tokenAddresses, address[] memory priceFeedAddresses, address dscAddress) {
// USD Price Feeds
if (tokenAddresses.length != priceFeedAddresses.length) {
revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();
}
// For example ETH / USD, BTC / USD, MKR / USD, etc
for (uint256 i = 0; i < tokenAddresses.length; i++) {
+ require(s_priceFeeds[tokenAddresses[i]] == address(0), DSCEngine_DuplicateCollateral);
s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i]; //@audit - should check if there's duplicate tokenAddresses, or double entry token
s_collateralTokens.push(tokenAddresses[i]);
}
i_dsc = DecentralizedStableCoin(dscAddress);
}
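Review bot: on the added `require` line, `DSCEngine_DuplicateCollateral` is passed as a bare identifier that is not declared anywhere in the visible code, and it does not match how this constructor already signals errors (`revert DSCEngine__TokenAddressesAndPriceFeedAddressesMustBeSameLength();`). Declare a custom error (for example `DSCEngine__DuplicateCollateral`, a suggested name) and write the check as `if (s_priceFeeds[tokenAddresses[i]] != address(0)) revert DSCEngine__DuplicateCollateral();`. The check also depends on the stored feed being non-zero: if an earlier entry was registered with `priceFeedAddresses[i] == address(0)`, a later duplicate of that token still passes, so zero feed addresses should be rejected in the same loop. The `//@audit` comment on the following line becomes stale once the check is in place and can be dropped.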
