The DecentralizedStableCoin.sol contract includes a mint function that can only be called by the contract owner due to the onlyOwner modifier. However, the mintDsc function in the DSCEngine.sol contract attempts to call the mint function, potentially leading to a revert when invoked by a normal user who is not the contract owner.
In the constructor of the DSCEngine.sol contract, the i_dsc variable is assigned the instance of the DecentralizedStableCoin contract located at the address dscAddress. The DecentralizedStableCoin contract requires deployment before the DSCEngine.sol contract, and its onlyOwner modifier restricts access to the contract owner's address.
The issue arises when a normal user calls the mintDsc function in the DSCEngine.sol contract. The function attempts to execute the following line:
However, since the user is not the owner of the DecentralizedStableCoin contract, the i_dsc.mint function, which can only be called by the owner, will cause a revert.
The mintDsc function in the DSCEngine.sol contract will not work as intended when called by normal users due to the onlyOwner modifier on the mint function in the DecentralizedStableCoin.sol contract. As a result, the transaction will be reverted, and users will be unable to mint the decentralized stablecoin as expected.
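To check the revert condition described above, the following added example (not code from the submission or from the project; OwnedToken, Engine, mintFor and NotOwner are hypothetical names) reduces the engine-to-token call path to its access check and shows which address the onlyOwner comparison sees.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; all names here are hypothetical, not the project's code.
contract OwnedToken {
    address public owner;
    mapping(address => uint256) public balanceOf;

    error NotOwner(address caller);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        // msg.sender is the immediate caller of this contract. On the
        // engine-to-token path that is the engine's address, not the
        // externally owned account that started the transaction.
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        owner = newOwner;
    }

    function mint(address to, uint256 amount) external onlyOwner returns (bool) {
        balanceOf[to] += amount;
        return true;
    }
}

contract Engine {
    OwnedToken private immutable i_token;

    constructor(address tokenAddress) {
        i_token = OwnedToken(tokenAddress);
    }

    // Callable by any user. Whether the inner mint reverts depends on
    // whether this contract's address equals OwnedToken.owner().
    function mintFor(uint256 amount) external {
        bool minted = i_token.mint(msg.sender, amount);
        require(minted, "mint failed");
    }
}
```

With the deployer still set as owner, mintFor reverts with NotOwner carrying the Engine address; after transferOwnership(address(engine)) the same call succeeds for any user. When reviewing a report like this one, the value to verify is therefore the token's owner() after deployment.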
Vulnerable code:
VS Code
Manual review
An example fix would be to create another modifier that allows the owner or users to call the mint function.
Example: