15,000 USDC
Submission Details
Severity: gas
Valid

Misleading NatSpec for redeemCollateral function

Summary

This NatSpec comment on the redeemCollateral function is misleading:

    * @notice If you have DSC minted, you will not be able to redeem until you burn your DSC

Vulnerability Details

The redeemCollateral function does not require the user to burn DSC before redeeming collateral. Instead, it only checks whether the operation would break the user's health factor. A user with a high collateralization ratio can therefore redeem part of their collateral without burning any DSC, as long as their health factor stays above the threshold. Under these conditions the NatSpec comment misrepresents what redeemCollateral actually does.

PoC: Add this test to DSCEngineTest.t.sol; it passes (it relies on the `user`, `weth` and `dsce` fixtures already defined in that test file):

    function testCanRedeemCollateralWithSomeDSCMintedAndNotBurnDSC() public {
        // user deposits a large amount of weth and mints a small amount of dsc
        vm.startPrank(user);
        ERC20Mock(weth).approve(address(dsce), 1000);
        dsce.depositCollateralAndMintDsc(weth, 1000, 1);
        // user redeems some collateral without burning any dsc;
        // this does not revert because the health factor stays above the minimum
        dsce.redeemCollateral(weth, 10);
        vm.stopPrank();
    }
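To make the point of the Vulnerability Details and the PoC concrete, here is an added Python model (not the submission's test and not DSCEngine code) of the health-factor gate that redeemCollateral applies: the PoC numbers pass without a burn, while a user who has minted close to their limit is rejected. It assumes DSCEngine's constants (50% liquidation threshold, 1e18 precision, minimum health factor of 1e18) and a mock WETH price of 2000 USD; none of these values appear on this page.

```python
# Added model of DSCEngine's health-factor check (assumed constants, not the contract).
PRECISION = 10**18
LIQUIDATION_THRESHOLD = 50     # assumed: only 50% of collateral value backs minted DSC
LIQUIDATION_PRECISION = 100
MIN_HEALTH_FACTOR = 10**18     # assumed: a health factor below 1.0 reverts
WETH_PRICE_USD = 2000          # assumed mock price feed value


class BreaksHealthFactor(Exception):
    """Stands in for the contract's revert when the health factor is too low."""


def collateral_value_usd(weth_amount: int) -> int:
    # USD value of the collateral, in the same base units as the DSC amount
    return weth_amount * WETH_PRICE_USD


def health_factor(weth_amount: int, dsc_minted: int) -> int:
    # With no debt the health factor is unbounded; the contract returns max uint256
    if dsc_minted == 0:
        return 2**256 - 1
    adjusted = collateral_value_usd(weth_amount) * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION
    return adjusted * PRECISION // dsc_minted


def redeem_collateral(weth_amount: int, dsc_minted: int, redeem_amount: int) -> int:
    """Model of redeemCollateral: only the post-redeem health factor is checked.
    No burn is required. Returns the remaining collateral or raises."""
    if redeem_amount > weth_amount:
        raise ValueError("cannot redeem more than deposited")
    remaining = weth_amount - redeem_amount
    if health_factor(remaining, dsc_minted) < MIN_HEALTH_FACTOR:
        raise BreaksHealthFactor(health_factor(remaining, dsc_minted))
    return remaining


def can_redeem_without_burning(weth_amount: int, dsc_minted: int, redeem_amount: int) -> bool:
    """True when the redemption succeeds with the user's DSC still minted."""
    try:
        redeem_collateral(weth_amount, dsc_minted, redeem_amount)
        return True
    except BreaksHealthFactor:
        return False


if __name__ == "__main__":
    # PoC scenario: 1000 wei WETH deposited, 1 wei DSC minted, redeem 10
    print(can_redeem_without_burning(1000, 1, 10))          # True: no burn needed
    # Same deposit but DSC minted up to the limit: the redeem is rejected
    print(can_redeem_without_burning(1000, 1_000_000, 10))  # False: burn first
```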

Impact

This comment can lead users and auditors to misunderstand how the function works.

Tools Used

Manual Review

Recommendations

Remove the NatSpec line or further clarify that the redeemCollateral function may revert if the user has too much DSC minted and will need to burn DSC before calling the function again.
