Both tokens used as collateral are upgradeable. If they go rogue or are upgraded with malicious functionality, they open up re-entrancy attacks in several functions. For example, an attacker could call DSCEngine__liquidate and start liquidating all the users that have a lower health factor, absorbing all the collateral without burning his own tokens.
If this were to happen, the consequences for the protocol would be disastrous. However, the likelihood is very low.
Manual review.
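The usual defence against the re-entrancy risk described above is a re-entrancy guard combined with effects-before-interactions ordering. The Python model below is an added example, not the protocol's code. The `Engine` and `CollateralToken` classes, the `hook` callback, the account names and the 1:1 seizure are assumptions made for illustration.

```python
import copy
class Reentrancy(Exception):
    """liquidate() was entered while it was already running."""

class CollateralToken:
    """Upgradeable ERC-20 model; `hook` stands in for logic added by an upgrade."""
    def __init__(self, balances):
        self.balances, self.hook = balances, None
    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        if self.hook:
            self.hook(dst)  # token-controlled code runs inside the engine's call

class Engine:
    """Hypothetical engine (names assumed); collateral is seized 1:1 for brevity."""
    def __init__(self, token, debt, dsc):
        self.token, self.debt, self.dsc, self.entered = token, debt, dsc, False
    def liquidate(self, liquidator, user, amount):
        if self.entered:  # nonReentrant-style guard
            raise Reentrancy("liquidate re-entered")
        snapshot = copy.deepcopy((self.debt, self.dsc, self.token.balances))
        self.entered = True
        try:
            if min(self.dsc.get(liquidator, 0), self.debt.get(user, 0)) < amount:
                raise ValueError("cannot cover debt")
            self.dsc[liquidator] -= amount  # effects first: burn liquidator's DSC
            self.debt[user] -= amount
            self.token.transfer("engine", liquidator, amount)  # interaction last
        except Exception:
            # model the EVM reverting all state changes of the failed call
            self.debt, self.dsc, self.token.balances = snapshot
            raise
        finally:
            self.entered = False

def demo():  # constructed sample state, not taken from the protocol
    token = CollateralToken({"engine": 100})
    eng = Engine(token, debt={"alice": 50, "bob": 50}, dsc={"liq": 50})
    eng.liquidate("liq", "alice", 20)  # well-behaved token: succeeds
    token.hook = lambda dst: eng.liquidate(dst, "bob", 20)  # upgraded token calls back
    try:
        eng.liquidate("liq", "alice", 20)
        blocked = False
    except Reentrancy:
        blocked = True
    return blocked, eng.dsc, eng.debt, token.balances
```

`demo()` returns whether the nested call was rejected, together with the engine and token state after the rollback.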