Algo Ssstablecoinsss
AI First Flight #2
Beginner FriendlyDeFi
EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

L-1 — No zero amount check in _redeem_collateral

anasss

Root + Impact

_redeem_collateral has no assert amount_collateral > 0 check, allowing anyone to call

Impact: waste of gas

Description

_redeem_collateral has no assert amount_collateral > 0 check, allowing anyone to call redeem_collateral(token, 0) which emits a fake CollateralRedeemed event with zero amount, wastes gas, and pollutes the event logs — while _deposit_collateral correctly has this check.

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

  • Medium — anyone can call this with zero amount at any time with no special conditions required.

Impact:

  • Low — no funds are lost. Transaction succeeds but does nothing useful. Wastes caller's gas and emits a misleading event with zero amount polluting the event logs.

Proof of Concept

User calls redeem_collateral(weth_address, 0)
No revert occurs
user_to_token_address_to_amount_deposited subtracts 0 — no change
CollateralRedeemed event emits with amount_collateral = 0
IERC20.transfer(user, 0) is called — transfers nothing
Event logs now contain a misleading zero amount redemption
Off-chain tools reading events see a redemption that never actually happened

Recommended Mitigation:

Add the same zero amount check that exists in_deposit_collateral:

- remove this code
+ add this code
@internal
def _redeem_collateral(
token_collateral_address: address,
amount_collateral: uint256,
_from: address,
_to: address,
):
assert amount_collateral > 0, "DSCEngine__NeedsMoreThanZero" # ← add this
...
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 8 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!