Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Reentrancy Vulnerability

crypt0mate

Summary

Vulnerability Details

The redeemCollateralForDsc function calls two external functions: _burnDsc and _redeemCollateral. These functions make external calls to other contracts using the transferFrom and transfer functions. If one of these external contracts were to call a function in the DSCEngine contract before the original call to _burnDsc or _redeemCollateral has completed, it could potentially lead to a reentrancy attack.

Impact

In function redeemCollateralForDsc , if a reentrancy attack were to occur, it could potentially affect the state of variables in the DSCEngine contract. For example, the _burnDsc function updates the s_DSCMinted mapping, and the _redeemCollateral function updates the s_collateralDeposited mapping. If a reentrancy attack were to occur, it could potentially result in these variables being updated in an unexpected or incorrect manner.

Tools Used

Slither and manual review.

Recommendations

Use a non-reentrant guard on the redeemCollateralForDsc function.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.