Submission Details
Severity: high

Reentrancy Vulnerability in DSCEngine Contract

Summary
The DSCEngine contract is vulnerable to potential reentrancy attacks due to improper sequence of state modification and external calls in the _burnDsc and _redeemCollateral functions.

Vulnerability Details
The vulnerability arises from the fact that the _burnDsc and _redeemCollateral functions modify the contract's state (updating balances) before making external calls. This sequence of operations allows an attacker to exploit reentrancy by calling these functions repeatedly, reentering the contract and potentially manipulating its behavior.

Impact
An attacker could exploit this vulnerability to repeatedly call the _burnDsc and _redeemCollateral functions before the state changes are finalized. This could lead to unintended consequences such as incorrect token balances, loss of funds, or even denial of service. In severe cases, the attacker might be able to drain the contract's funds or disrupt its normal operation.

Tools Used
Manual code review

Recommendations
To address the potential reentrancy vulnerability, the contract should follow the checks-effects-interactions pattern. Specifically, all external calls, such as token transfers and contract interactions, should be performed before modifying the contract's state.

In the _burnDsc function, the burn operation should be performed after external calls to ensure that the contract's state is updated only after the DSC tokens are transferred.

Similarly, in the _redeemCollateral function, the transfer of collateral tokens using IERC20.transfer should be checked for success, and the state should be modified only after ensuring that the transfer was successful.

The _burnDsc and _redeemCollateral functions should implement the nonReentrant modifier to prevent any reentrant calls to these vulnerable functions.

By following these recommendations, the contract can mitigate the potential reentrancy vulnerability and ensure the secure and reliable operation of its functions.
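As an added illustration of the checks-effects-interactions ordering, the transfer-success check and the nonReentrant guard named above (example code written for this page, not DSCEngine's own implementation): the contract name, storage layout, error names and OpenZeppelin v5 import paths are assumptions, and the guard is placed on the externally reachable entry point rather than on the private helper, since that is where a reentrant call would arrive.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical minimal engine; only the redeem path is sketched.
contract CollateralEngineExample is ReentrancyGuard {
    error TransferFailed();
    error InsufficientCollateral();

    // user => collateral token => amount deposited (assumed layout)
    mapping(address => mapping(address => uint256)) private s_collateralDeposited;

    event CollateralRedeemed(address indexed from, address indexed to, address indexed token, uint256 amount);

    // nonReentrant sits on the external entry point: a reentrant call can only
    // come back in through a public/external function, so this is where the
    // guard must be checked.
    function redeemCollateral(address token, uint256 amount) external nonReentrant {
        _redeemCollateral(token, amount, msg.sender, msg.sender);
        // A solvency (health factor) check would follow here in a full engine.
    }

    function _redeemCollateral(address token, uint256 amount, address from, address to) private {
        // Checks: the caller must actually hold enough of this collateral.
        uint256 deposited = s_collateralDeposited[from][token];
        if (deposited < amount) revert InsufficientCollateral();

        // Effects: update accounting before any external call, so that a
        // reentrant call would observe the already reduced balance.
        s_collateralDeposited[from][token] = deposited - amount;
        emit CollateralRedeemed(from, to, token, amount);

        // Interactions: the external call goes last, and its return value is
        // checked because some ERC20 tokens signal failure with `false`
        // instead of reverting.
        bool ok = IERC20(token).transfer(to, amount);
        if (!ok) revert TransferFailed();
    }
}
```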
