Algo Ssstablecoinsss
AI First Flight #2
Beginner FriendlyDeFi
EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

No zero amount check in _burn_dsc

anasss

Root + Impact

No assert amount_dsc_to_burn > 0 check exists in _burn_dsc or its external wrapper burn_dsc. The developer added zero checks in _deposit_collateral and liquidate but missed this function.

Impact: Low — no funds lost. Just wastes gas on every zero amount call.

Description

  • The _burn_dsc internal function does not validate that amount_dsc_to_burn is greater than zero. Calling burn_dsc(0) succeeds without reverting — it subtracts zero from the user's debt record, calls burn_from with zero amount, and runs an unnecessary health factor check. This wastes gas and is inconsistent with other functions in the protocol that validate amounts.es

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

  • Medium — anyone can call burn_dsc(0) at any time with no special conditions.Impact:

  • Impact: Low — no funds lost. Just wastes gas on every zero amount call.

Proof of Concept

User calls burn_dsc(0)
No revert occurs
user_to_dsc_minted subtracts 0 — no change
burn_from(user, 0) is called — burns nothing
_revert_if_health_factor_is_broken runs unnecessarily
User pays gas for a transaction that did absolutely nothing

Recommended Mitigation

Add zero check in _burn_dsc:

- remove this code
+ add this code
@internal
def _burn_dsc(
amount_dsc_to_burn: uint256, on_behalf_of: address, dsc_from: address
):
assert amount_dsc_to_burn > 0, "DSCEngine__NeedsMoreThanZero" # ← add this
self.user_to_dsc_minted[on_behalf_of] -= amount_dsc_to_burn
extcall DSC.burn_from(dsc_from, amount_dsc_to_burn)
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 8 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!