Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: gas

My first ever audit

bigBagBoogy

Summary

As pointed out by Patrick Collins: "You'll probably suck at your first audit". Despite that, The following are my findings:

Vulnerability Details

I deployed the contract to Sepolia test network (0x3e899202640a3135A9D6E540938Ab35D364CF0f5). Got 0.5 Sepolia weth (0xdd13E55209Fd76AfE204dBda4007C227904f0a81).
Went to Etherscan and clicked "depositCollateral" with the weth token and an amount in wei (tried 0.5 and 0.3 eth (in wei)).
Both transactions failed:
TxHash: 0xf0fc3fc1e7661be064e299258d0f3866aae14387f6076814a4406d4f52c50f50 and
TxHash: 0x441a3f5c13ebc74d5d9b59e12fa9ee2b4ce8fd2b71836702795d563f98d8efbc

I lack the experience to pinpoint why this failed. It's moreThanZero and the getCollateralTokens method Response proves that 0xdd13E55209Fd76AfE204dBda4007C227904f0a81 is an allowed token.

On Etherscan it said: Warning! Error encountered during contract execution [execution reverted].

Metamask also complained: "We were not able to estimate gas. There might be an error in the contract and this transaction may fail."

Impact

My aim was to test the ability to deposit weth and (later) redeem wbtc. Let's say "a fee-less "swap".
My motivation for this was, that right now only an Arithmetic over/underflow prevents this.
I noticed that both userBalance = ERC20Mock(weth).balanceOf(user);
and userBalance = ERC20Mock(wbtc).balanceOf(user);
returns 10000000000000000000 (in case of 10 ether) IERC20's balanceOf makes no distinction between these two tokens.
Luckily the _redeemCollateral does, so as long as there's no further operations use the "balanceOf" function there should be no issue.

Tools Used

stateful Invariants testing (still very complex for my experience lvl.)
unit test (testBreaksWhenTryingToRedeemDifferentCollateral) does break on Arithmetic over/underflow. see line 328 of DSCEngineTest.t.sol

Recommendations

A "swap" functionality could be added as a service at a fee.
Right now there's no rent charged for the DSC debt. If implemented, this would have to come out of the user's collateral, thus depleting his healthfactor.
I see no event being emitted of a health factor being broken. How can users (listen) for this event and find out which users are eligible for liquidation?

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.