Algo Ssstablecoinsss

First Flight #30
Severity: high
Invalid

Access Control Vulnerabilities in DSC Engine - Unrestricted Burn and Mint Functions

Summary:
The dsc_engine contract contains critical access control vulnerabilities in the _burn_dsc and _mint_dsc functions. These functions allow unauthorized users to perform actions (burning and minting DSC tokens) without any proper checks, which could lead to arbitrary burns or mints by anyone. These issues could be exploited to manipulate the DSC supply, causing instability and potential financial loss.

Lines 259-265

Vulnerability 1: Unrestricted Burn Function (_burn_dsc)
Vulnerability Details:

  • Function: _burn_dsc(amount_dsc_to_burn, on_behalf_of, dsc_from)

  • Issue: The function does not restrict who can burn DSC tokens on behalf of other users. This means any user can burn DSC for any other address, bypassing the intended access controls.

Impact:

  • Lack of success verification for the external burn call can lead to inconsistent contract state.

  • Unauthorized users can reduce the DSC balance of any account, potentially allowing malicious manipulation of the protocol’s debt system.

Tools Used:

Recommendations:

  • Access Control:
    Implement authorization checks to ensure only the user or a trusted address can burn DSC tokens on behalf of others.

    assert msg.sender == on_behalf_of, "Unauthorized burn"

  • Success Check:
    Ensure that the external burn call is successful before modifying state variables.

    assert DSC.burn_from(dsc_from, amount_dsc_to_burn), "Burn failed"

Vulnerability 2: Unrestricted Mint Function (_mint_dsc)

Lines 233-239

Vulnerability Details:

  • Function: _mint_dsc(amount_dsc_to_mint)

  • Issue: The function does not include any access control, meaning any user can mint DSC tokens for themselves.

Impact:

  • Users can mint arbitrary amounts of DSC, leading to inflation and destabilization of the DSC token.

  • There is also no success check for the external mint call, which could result in an inconsistent contract state.

Recommendations:

  • Access Control:
    Implement authorization checks to ensure that minting is only possible by authorized users.

    assert msg.sender == authorized_address, "Unauthorized mint"

  • Success Check:
    Ensure that the external mint call is successful before updating the user’s balance.

    assert DSC.mint(msg.sender, amount_dsc_to_mint), "Mint failed"

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
