State Variables cannot be updated
Summary
Some of the state variables may need to be changed in the future. They should all be evaluated and where applicable "constant" keyword removed and setter functions added to "DSCEngine" smart contract in order that they may be updated.
Vulnerability Details
If the protocol's administrators needed to update many of the protocol's state variables, as it stands a new smart contract would be required. This could potentially lock user's collateral into the protocol.
Impact
Were the oracle from which the contract gets its price feeds to update the addresses of those price feeds the protocol would be unable to update those addresses in the contract given there is no setter function after they are implemented in the constructor meaning pricing ETH/USD & ETH/BTC would not be possible.
Were regulation to come in about the management of debt & risk the "MIN_HEALTH_FACTOR", "LIQUIDATION_THRESHOLD" could not be updated due to the "constant" keyword and hardcoding.
If the administrators of the protocol wanted to increase/decrease the "LIQUIDATION_BONUS" in response to user behaviour they would be unabe to do so due to the "constant" keyword and hardcoding.
Tools Used
Hardhat Test Suite
Recommendations
Add setter functions for all state variables which may change particularly "s_priceFeeds" & "s_collateralTokens".
Remove "constant" keyword for all state variables which may change particularly "MIN_HEALTH_FACTOR", "LIQUIDATION_THRESHOLD" & "LIQUIDATION_BONUS".
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.