Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Risk of re-entrancy attack

0xswahili

Summary

The DSCEngine.sol contract calls external token contracts before updating state

Vulnerability Details

While the risk might not be immediate since the collateral token addresses are carefully chosen, some token contracts eg USDC are up-gradable and therefore carry risk of re-entrancy vulnerability.

Impact

Upgradable token contracts pose risk of re-entrancy attack to the DSCE and other contracts that might rely on this stablecoin.

Tools Used

Manual review

Recommendations

Code at Ln 253 should come AFTER line 255, so:

// We need to burn the DSC

_burnDsc(debtToCover, user, msg.sender);

_redeemCollateral(user, msg.sender, collateral, totalCollateralToRedeem);

Code at Ln 140 should come AFTER line 141, so:

mintDsc(amountDscToMint);

depositCollateral(tokenCollateralAddress, amountCollateral);

_revertIfHealthFactorIsBroken(msg.sender);

That means that Ln 200 _revertIfHealthFactorIsBroken(msg.sender) should move to the end of function depositCollateralAndMintDsc

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.