Algo Ssstablecoinsss

AI First Flight #2
Beginner Friendly, DeFi
Submission Details
Impact: medium
Likelihood: medium
Invalid

Underflow Risk in Redeem and Burn Functions

Root + Impact

Description

  * Users can redeem collateral and burn DSC tokens, which decreases their tracked balances in the protocol. The functions subtract amounts from state variables without explicit balance checks.

  * The `_redeem_collateral()` and `_burn_dsc()` functions subtract from state variables without verifying that the amount doesn't exceed the user's balance. While Vyper 0.4.0 will revert on underflow, this creates unclear error messages and potential DoS vectors if there are logic errors elsewhere.

    ```vyper
    @internal
    def _redeem_collateral(
        token_collateral_address: address,
        amount_collateral: uint256,
        _from: address,
        _to: address,
    ):
        self.user_to_token_address_to_amount_deposited[_from][
            token_collateral_address
        ] -= amount_collateral  # @> No check that balance >= amount_collateral
        log CollateralRedeemed(token_collateral_address, amount_collateral, _from, _to)
        success: bool = extcall IERC20(token_collateral_address).transfer(
            _to, amount_collateral
        )
        assert success, "DSCEngine_TransferFailed"
    ```

    ```vyper
    @internal
    def _burn_dsc(
        amount_dsc_to_burn: uint256, on_behalf_of: address, dsc_from: address
    ):
        self.user_to_dsc_minted[on_behalf_of] -= amount_dsc_to_burn  # @> No check that debt >= amount_dsc_to_burn
        success: bool = extcall DSC.burn_from(dsc_from, amount_dsc_to_burn)
        assert success, "DSCEngine__BurnFailed"
    ```


Risk

Likelihood:

  * Logic errors in calculation functions could pass incorrect amounts to these functions
  * Front-running or race conditions could cause amounts to exceed balances between check and execution
  * Integration issues with external contracts could result in invalid amounts

Impact:

  * Unclear error messages when underflow occurs, making debugging difficult
  * Potential DoS if functions are called with incorrect amounts repeatedly
  * Gas waste on failed transactions
  * Could mask underlying logic errors

Proof of Concept

```python
# Scenario:
# 1. User has 100 tokens deposited
# 2. Due to a calculation error, redeem_collateral() is called with amount = 150
# 3. Underflow occurs, transaction reverts with generic error
# 4. User cannot determine why redemption failed
# 5. If this happens in a loop or batch operation, it could DoS the function
```
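
The scenario above as a plain-Python model, added here as an illustration and not part of the original submission or the protocol's code. `Engine`, `Revert`, `checked_sub` and `run_tx` are hypothetical names, and the empty reason string is an assumed stand-in for the revert produced by Vyper's checked subtraction.

```python
# Added illustration: a plain-Python model of the ledger update, not Vyper.
# Engine, Revert, checked_sub and run_tx are hypothetical names.


class Revert(Exception):
    """Models an EVM revert; the message is the revert reason."""


def checked_sub(a: int, b: int) -> int:
    # Models checked uint256 subtraction: an underflow reverts.
    if b > a:
        raise Revert("")  # assumed stand-in: revert with no reason string
    return a - b


class Engine:
    def __init__(self, deposits):
        self.deposited = dict(deposits)  # (user, token) -> amount

    def redeem_original(self, user, token, amount):
        key = (user, token)
        self.deposited[key] = checked_sub(self.deposited[key], amount)

    def redeem_patched(self, user, token, amount):
        key = (user, token)
        if self.deposited[key] < amount:
            raise Revert("DSCEngine__InsufficientCollateral")
        self.deposited[key] = checked_sub(self.deposited[key], amount)


def run_tx(engine, fn_name, redemptions):
    """Run one transaction; on revert, undo every write and return the reason."""
    snapshot = dict(engine.deposited)
    try:
        for user, token, amount in redemptions:
            getattr(engine, fn_name)(user, token, amount)
        return None  # transaction succeeded
    except Revert as exc:
        engine.deposited = snapshot
        return str(exc)
```

In both variants an over-sized redemption leaves the ledger untouched, including when it is one step of a batch; the two differ only in the reason returned.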

Recommended Mitigation

```diff
@internal
def _redeem_collateral(
token_collateral_address: address,
amount_collateral: uint256,
_from: address,
_to: address,
):
+ assert self.user_to_token_address_to_amount_deposited[_from][
+ token_collateral_address
+ ] >= amount_collateral, "DSCEngine__InsufficientCollateral"
self.user_to_token_address_to_amount_deposited[_from][
token_collateral_address
] -= amount_collateral
log CollateralRedeemed(token_collateral_address, amount_collateral, _from, _to)
success: bool = extcall IERC20(token_collateral_address).transfer(
_to, amount_collateral
)
assert success, "DSCEngine_TransferFailed"
```
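
Review bot: The added assert at the top of `_redeem_collateral` repeats the bound that the checked `-=` on the lines right after it already enforces, so the source now reads `user_to_token_address_to_amount_deposited[_from][token_collateral_address]` twice and the only observable change is the revert reason. If the named reason is wanted, load the balance into a local once and use it for both the assert and the update. The new string `DSCEngine__InsufficientCollateral` uses a double underscore while the existing `DSCEngine_TransferFailed` in the same function uses a single one; settle on one form.
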
```diff
@internal
def _burn_dsc(
amount_dsc_to_burn: uint256, on_behalf_of: address, dsc_from: address
):
+ assert self.user_to_dsc_minted[on_behalf_of] >= amount_dsc_to_burn, "DSCEngine__InsufficientDebt"
self.user_to_dsc_minted[on_behalf_of] -= amount_dsc_to_burn
success: bool = extcall DSC.burn_from(dsc_from, amount_dsc_to_burn)
assert success, "DSCEngine__BurnFailed"
```
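
Review bot: The new assert in `_burn_dsc` bounds `amount_dsc_to_burn` against `user_to_dsc_minted[on_behalf_of]` only, while the tokens are taken from `dsc_from` by `burn_from`, so the reason `DSCEngine__InsufficientDebt` needs a comment saying it refers to the `on_behalf_of` debt and not to the `dsc_from` balance. Add that one-line comment above the assert and a test where `dsc_from` differs from `on_behalf_of`, so the two failure paths (this assert versus `DSCEngine__BurnFailed`) are distinguishable.
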
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
