Algo Ssstablecoinsss

AI First Flight #2

Beginner FriendlyDeFi

EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

Incorrect Order of Operations in Redeem Collateral For DSC

muzammilmohammed678

Root + Impact

Description

* Users can redeem collateral while burning DSC in a single transaction. The function burns DSC debt first, then redeems collateral, then checks health factor.

* The `redeem_collateral_for_dsc()` function burns DSC before redeeming collateral. This order is counterintuitive and could mask bugs, as typically you'd want to ensure sufficient collateral remains before reducing debt.

```vyper

@external

def redeem_collateral_for_dsc(

token_collateral_address: address,

amount_collateral: uint256,

amount_dsc_to_burn: uint256,

):

self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender) // @> Debt reduced first

self._redeem_collateral(

token_collateral_address, amount_collateral, msg.sender, msg.sender

) // @> Collateral redeemed second

self._revert_if_health_factor_is_broken(msg.sender) // @> Health factor checked last

```

Risk

Likelihood:

* Users might expect collateral to be redeemed first to ensure sufficient collateral remains

* If there's a bug in health factor calculation, this order might allow invalid operations

* Front-running or MEV bots could exploit the order of operations

Impact:

* Potential for confusion and unexpected behavior

* Could mask bugs in health factor calculations

* Users might not understand why operations succeed or fail

Proof of Concept

```python

# Scenario:

# 1. User has 1000 DSC debt, 2 ETH collateral (worth $4000)

# 2. Health factor = (4000 * 0.5) / 1000 = 2.0 (healthy)

# 3. User calls redeem_collateral_for_dsc(1 ETH, 500 DSC)

# 4. Debt reduced to 500 DSC first

# 5. Then 1 ETH redeemed, leaving 1 ETH collateral

# 6. Health factor = (2000 * 0.5) / 500 = 2.0 (still healthy)

# 7. But if order was reversed and there was a bug, it might allow invalid operations

```

Recommended Mitigation

```diff

@external

def redeem_collateral_for_dsc(

token_collateral_address: address,

amount_collateral: uint256,

amount_dsc_to_burn: uint256,

- self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender)

self._redeem_collateral(

token_collateral_address, amount_collateral, msg.sender, msg.sender

)

+ self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender)

self._revert_if_health_factor_is_broken(msg.sender)

```

Alternatively, document why this order is intentional and add comments explaining the rationale.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 16 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!