Algo Ssstablecoinsss

AI First Flight #2
Beginner Friendly, DeFi
Submission Details
Severity: high
Valid

In the function _revert_if_health_factor_is_broken, the constant variable MIN_HEALTH_FACTOR is only for WETH

Summary

The _revert_if_health_factor_is_broken function is responsible for ensuring that a user's health factor meets the minimum required standard. There is only an implementation for WETH.

Vulnerability Details

In the function, there is only an implementation for WETH.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)
    assert (
        user_health_factor >= MIN_HEALTH_FACTOR
    ), "DSCEngine__BreaksHealthFactor"
```

https://github.com/CodeHawks-Contests/ai-algo-ssstablecoinsss/blob/1a4a6174856ff3e27cfc801619d8a4cd386c6111/src/dsc_engine.vy#L268-275


The value of MIN_HEALTH_FACTOR = 10^18 is higher than the Satoshi factor, which is 10^8.

As a result, for WBTC, the user_health_factor can be inflated to more than 10^10 times its normal value.

Impact

A bigger value of MIN_HEALTH_FACTOR for WBTC allows a bigger value of user_health_factor and a wrong value when the function should revert.

Tools Used

Manual review

Recommendations

Add MIN_HEALTH_FACTOR also for WBTC.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)
    # Check if the user's token is WBTC and adjust health factor accordingly
    if user_health_factor >= (MIN_HEALTH_FACTOR * 10**10):
        # If user health factor is higher due to WBTC precision, still ensure it meets the minimum
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
    else:
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
```
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Validated
Assigned finding tags:

[H-01] In the function _revert_if_health_factor_is_broken constant variable MIN_HEALTH_FACTOR is only for WETH.

## Description

The `_revert_if_health_factor_is_broken` function is responsible for ensuring that a user's health factor meets the minimum required standard. There is only an implementation for WETH.

## Vulnerability Details

In the function, there is only an implementation for WETH.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)
    assert (
        user_health_factor >= MIN_HEALTH_FACTOR
    ), "DSCEngine__BreaksHealthFactor"
```

The value of `MIN_HEALTH_FACTOR = 10^18` is higher than the Satoshi factor, which is 10^8. As a result, for WBTC, the `user_health_factor` can be inflated to more than 10^10 times its normal value.

## Impact

A bigger value of MIN_HEALTH_FACTOR for WBTC allows a bigger value of `user_health_factor` and a wrong value when the function should revert.

## Recommendations

Add MIN_HEALTH_FACTOR also for WBTC.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)
    # Check if the user's token is WBTC and adjust health factor accordingly
    if user_health_factor >= (MIN_HEALTH_FACTOR * 10**10):
        # If user health factor is higher due to WBTC precision, still ensure it meets the minimum
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
    else:
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
```
