Summary

The depositCollateralAndMintDsc function allows users to deposit collateral and mint DSC tokens in a single transaction.

Vulnerability Details

However, this function is vulnerable to frontrunning attacks, where an attacker can manipulate the collateral deposit process and secure DSC minting with a lower collateral price.

Impact

POC:

User A intends to deposit 1 WBTC as collateral to mint DSC tokens.
The current price of WBTC is $50,000 per token.
User A submits a transaction to call the depositCollateralAndMintDsc function with the parameters (WBTC, 1 WBTC, X DSC), where X represents the desired amount of DSC tokens to mint.
Before User A's transaction is confirmed, the attacker (Front-runner) observes the pending transaction on the mempool and notices that User A intends to deposit 1 WBTC.
The attacker quickly submits their own transaction with a higher gas price, specifying the same parameters as User A (WBTC, 1 WBTC, Y DSC), where Y is a larger amount of DSC tokens to mint.
The attacker's transaction gets mined before User A's transaction due to the higher gas price, and their 1 WBTC is deposited as collateral.
Now, when User A's transaction gets mined, it fails because the contract's state has already been updated by the attacker's transaction. The attacker has successfully manipulated the collateral deposit process and secured DSC minting with a lower collateral price (1 WBTC).

Tools Used

Manual Review

Recommendations

Change the depositCollateral and mintDsc function to internal functions.
This will prevent frontrunners from manipulating the collateral deposit process.