Algo Ssstablecoinsss

First Flight #30
Beginner Friendly, DeFi
100 EXP
Submission Details
Severity: high
Invalid

Lack of Access Control in mint_dsc and burn_dsc functions in dsc_engine contract

Summary

The contract lacks proper access control for critical functions such as mint_dsc and burn_dsc, which allows any user to mint or burn DSC tokens. These functions are critical for managing the token supply, and their unrestricted usage poses significant security risks and can disrupt the token ecosystem.

Vulnerability Details

Both mint_dsc and burn_dsc are key functions responsible for the minting and burning of DSC tokens within the contract.
Access Control Issue: These functions do not have any form of access restriction, allowing any user or contract to call them without authorization.

Impact

  • Anyone can mint an unlimited number of DSC tokens, leading to inflation or devaluation of the token, which can destabilize the token's intended economic model.

  • Any user can burn DSC tokens, which could cause unintended token shortages or disrupt the token balance, leading to a malfunctioning token supply.

Tools Used

Manual Review

Recommendations

  • Introduce proper access control mechanisms such as modifiers (e.g., onlyOwner, onlyAuthorized) to restrict access to these critical functions. Only authorized addresses or contracts should be allowed to call mint_dsc and burn_dsc.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
