Summary:
The `redeem_collateral_for_dsc` and `mint_dsc` functions lack access control, allowing unauthorized users to burn or mint DSC tokens. Additionally, the calls to the critical internal functions (`_burn_dsc`, `_mint_dsc`, `_redeem_collateral`, `_revert_if_health_factor_is_broken`) are unchecked, which may result in unexpected behavior, inconsistent state, or bypassed health factor checks if any of them fails.

Vulnerability Details:

Missing Access Control:
Neither `redeem_collateral_for_dsc` nor `mint_dsc` validates the caller's permissions. If `_burn_dsc` and `_mint_dsc` also lack access control internally, any user can mint or burn DSC tokens, undermining the protocol's integrity.

Unchecked Calls:
The calls to `_burn_dsc`, `_mint_dsc`, `_redeem_collateral`, and `_revert_if_health_factor_is_broken` are not validated for success. If any of these calls fails:
- Collateral may be redeemed without burning the corresponding DSC tokens.
- Minting DSC tokens could silently fail, misleading users.
- Critical health factor checks may be bypassed, allowing unhealthy accounts to operate and potentially causing insolvency.

Impact:
- Unauthorized burning could enable users to unfairly manipulate their debt levels.
- Failed or skipped calls could lead to locked collateral, insolvency, or inconsistent system state.

Recommendations:

Access Control:
- Implement access control checks (e.g., `onlyOwner`, `onlyRole`, or a whitelist) in `redeem_collateral_for_dsc`, `mint_dsc`, and their internal methods (`_burn_dsc`, `_mint_dsc`).
- Ensure only authorized users can mint or burn DSC tokens.

Checked Calls:
- Use `assert` or `require` to verify the success of all critical calls:

```vyper
assert self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender), "Burn failed"
```

- For any external token transfers, validate success explicitly:

```vyper
assert ERC20(token_address).transfer(msg.sender, amount), "Transfer failed"
```

- If `_redeem_collateral` involves token transfers, implement a reentrancy guard or follow the Checks-Effects-Interactions pattern to prevent reentrancy attacks.
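The following Vyper contract is an added illustration of the three recommendations above (a minter whitelist, asserted return values on every internal call, and a reentrancy guard with effects applied before the outgoing transfer). It is not the audited project's code. It assumes the internal helpers return a `bool` success flag (which is what makes `assert` on them meaningful; an internal call that reverts already propagates on its own), a single collateral token, and an owner-set `collateral_price` standing in for a price oracle; the `DSC` interface, `minters` mapping, and the simplified health-factor arithmetic are all constructed for this example.

```vyper
# @version 0.3.10
# Added example, not the project's code. Hardened mint/redeem paths for a
# DSC engine: whitelist access control, checked internal calls, CEI + guard.

from vyper.interfaces import ERC20

# Assumed stablecoin interface: mint/burn report success as a bool.
interface DSC:
    def mint(to: address, amount: uint256) -> bool: nonpayable
    def burn_from(owner: address, amount: uint256) -> bool: nonpayable

PRECISION: constant(uint256) = 10**18
MIN_HEALTH_FACTOR: constant(uint256) = 10**18
LIQUIDATION_THRESHOLD: constant(uint256) = 50   # 50% => 200% overcollateralised

owner: public(address)
minters: public(HashMap[address, bool])          # whitelist (assumed)
dsc: public(DSC)
collateral_token: public(ERC20)                  # single collateral (assumed)
collateral_price: public(uint256)                # USD, 18 decimals; oracle stand-in
collateral_deposited: public(HashMap[address, uint256])
dsc_minted: public(HashMap[address, uint256])

@external
def __init__(dsc_address: address, collateral: address, price: uint256):
    self.owner = msg.sender
    self.minters[msg.sender] = True
    self.dsc = DSC(dsc_address)
    self.collateral_token = ERC20(collateral)
    self.collateral_price = price

@external
def set_minter(account: address, allowed: bool):
    # Owner-only administration of the whitelist.
    assert msg.sender == self.owner, "Not owner"
    self.minters[account] = allowed

@internal
@view
def _health_factor(user: address) -> uint256:
    # Simplified: (collateral value * threshold) / debt, scaled to 1e18.
    minted: uint256 = self.dsc_minted[user]
    if minted == 0:
        return max_value(uint256)
    collateral_value: uint256 = self.collateral_deposited[user] * self.collateral_price / PRECISION
    adjusted: uint256 = collateral_value * LIQUIDATION_THRESHOLD / 100
    return adjusted * PRECISION / minted

@internal
@view
def _revert_if_health_factor_is_broken(user: address):
    assert self._health_factor(user) >= MIN_HEALTH_FACTOR, "Health factor broken"

@internal
def _mint_dsc(to: address, amount: uint256) -> bool:
    self.dsc_minted[to] += amount                # effect first
    return self.dsc.mint(to, amount)             # interaction, result returned

@internal
def _burn_dsc(amount: uint256, on_behalf_of: address, dsc_from: address) -> bool:
    self.dsc_minted[on_behalf_of] -= amount      # reverts on underflow
    return self.dsc.burn_from(dsc_from, amount)

@internal
def _redeem_collateral(amount: uint256, _from: address, to: address) -> bool:
    self.collateral_deposited[_from] -= amount   # Checks-Effects-Interactions
    return self.collateral_token.transfer(to, amount)

@external
@nonreentrant("lock")
def mint_dsc(amount: uint256):
    assert self.minters[msg.sender], "Not authorized"
    assert amount > 0, "Zero amount"
    assert self._mint_dsc(msg.sender, amount), "Mint failed"
    self._revert_if_health_factor_is_broken(msg.sender)

@external
@nonreentrant("lock")
def redeem_collateral_for_dsc(amount_collateral: uint256, amount_dsc_to_burn: uint256):
    assert self.minters[msg.sender], "Not authorized"
    assert self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender), "Burn failed"
    assert self._redeem_collateral(amount_collateral, msg.sender, msg.sender), "Transfer failed"
    self._revert_if_health_factor_is_broken(msg.sender)
```

Each external entry point checks the caller before touching state, every helper's return value is asserted so a `False` from the token contract cannot leave debt reduced without tokens burned (or collateral debited without tokens sent), and the health-factor check runs last on the already-updated balances so it cannot be skipped by an earlier silent failure.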