Algo Ssstablecoinsss

First Flight #30
Beginner Friendly, DeFi
100 EXP
Submission Details
Severity: high
Invalid

Missing Access Control and Unchecked Calls in Critical Functions

Summary:

The redeem_collateral_for_dsc and mint_dsc functions lack access control, allowing unauthorized users to burn or mint DSC tokens. Additionally, calls to critical functions (_burn_dsc, _mint_dsc, _redeem_collateral, _revert_if_health_factor_is_broken) are unchecked, which may result in unexpected behavior, inconsistent states, or bypassed health factor checks in case of failures.

Line: #L84-L108

Vulnerability Details:

  1. Missing Access Control:

    • Neither redeem_collateral_for_dsc nor mint_dsc validates the caller's permissions. If _burn_dsc and _mint_dsc also lack access control internally, any user can mint or burn DSC tokens, undermining the protocol's integrity.

  2. Unchecked Calls:

    • Calls to _burn_dsc, _mint_dsc, _redeem_collateral, and _revert_if_health_factor_is_broken are not validated for success. If any of these calls fail:

      • Collateral may be redeemed without burning the corresponding DSC tokens.

      • Minting DSC tokens could silently fail, misleading users.

      • Critical health factor checks may be bypassed, allowing unhealthy accounts to operate, potentially causing insolvency.

Impact:

  • Unauthorized minting could inflate the DSC token supply, destabilizing the protocol and reducing trust.

  • Unauthorized burning could enable users to unfairly manipulate their debt levels.

  • Failed or skipped calls could lead to locked collateral, insolvency, or inconsistent system states.

Tools Used: Manual code review

Recommendations:

Access Control:

  • Implement access control checks (e.g., onlyOwner, onlyRole, or a whitelist) in redeem_collateral_for_dsc, mint_dsc, and their internal methods (_burn_dsc, _mint_dsc).

  • Ensure only authorized users can mint or burn DSC tokens.

Validate Function Calls:

  1. Use assert or require to verify the success of all critical calls:


assert self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender)

  2. For any external token transfers, validate success explicitly:


assert ERC20(token_address).transfer(msg.sender, amount), "Transfer failed"

Reentrancy Protection:

  • If _redeem_collateral involves token transfers, implement a reentrancy guard or follow the Checks-Effects-Interactions pattern to prevent reentrancy attacks.
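The recommendations above (explicit transfer validation, Checks-Effects-Interactions ordering and a reentrancy guard) put together in Vyper 0.4, as an added example that is neither the submitter's code nor the audited contract. Assumptions: the MintableToken interface, the COLLATERAL and DSC immutables, the storage maps, deposit_collateral, a single collateral token valued 1:1 with DSC, and a 200% collateral requirement are all hypothetical; only the function names quoted in the submission come from the page.

```vyper
# pragma version 0.4.0
# Added illustration, not the audited contract.
from ethereum.ercs import IERC20

interface MintableToken:  # hypothetical DSC token interface
    def mint(to: address, amount: uint256): nonpayable
    def burn_from(owner: address, amount: uint256): nonpayable

COLLATERAL: immutable(IERC20)
DSC: immutable(MintableToken)
collateral_deposited: public(HashMap[address, uint256])
dsc_minted: public(HashMap[address, uint256])

@deploy
def __init__(collateral: address, dsc: address):
    COLLATERAL = IERC20(collateral)
    DSC = MintableToken(dsc)

@internal
@view
def _revert_if_health_factor_is_broken(user: address):
    # Assumption: collateral and DSC share one unit of value, 200% required.
    assert self.collateral_deposited[user] >= 2 * self.dsc_minted[user], "Health factor broken"

@external
@nonreentrant
def deposit_collateral(amount: uint256):
    self.collateral_deposited[msg.sender] += amount
    ok: bool = extcall COLLATERAL.transferFrom(msg.sender, self, amount)
    assert ok, "Transfer failed"

@external
@nonreentrant
def mint_dsc(amount: uint256):
    # Effects and check first; the position changed is always msg.sender's own.
    self.dsc_minted[msg.sender] += amount
    self._revert_if_health_factor_is_broken(msg.sender)
    extcall DSC.mint(msg.sender, amount)  # a revert in the callee bubbles up

@external
@nonreentrant
def redeem_collateral_for_dsc(amount_collateral: uint256, amount_dsc_to_burn: uint256):
    # Effects: checked arithmetic reverts on underflow.
    self.dsc_minted[msg.sender] -= amount_dsc_to_burn
    self.collateral_deposited[msg.sender] -= amount_collateral
    self._revert_if_health_factor_is_broken(msg.sender)
    # Interactions last; the token's boolean return is validated explicitly.
    extcall DSC.burn_from(msg.sender, amount_dsc_to_burn)
    ok: bool = extcall COLLATERAL.transfer(msg.sender, amount_collateral)
    assert ok, "Transfer failed"
```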

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

sonamakash54 Submitter
6 months ago
bube Lead Judge
6 months ago
bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
