Algo Ssstablecoinsss

First Flight #30
Beginner FriendlyDeFi
100 EXP
View results
Submission Details
Severity: medium
Invalid

decentralized_stable_coin.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";
contract DecentralizedStableCoin is ERC20, Ownable {
// Constants
string private constant NAME = "Decentralized Stable Coin";
string private constant SYMBOL = "DSC";
uint8 private constant DECIMALS = 18;
uint256 private constant TIMEOUT = 72 * 3600; // Oracle timeout: 72 hours
// State variables
address public oracleContract;
address public minter;
uint256 private _totalSupply;
mapping(address => bool) public allowedCollaterals;
mapping(address => mapping(address => uint256)) public collateralBalances;
// Events
event CollateralAdded(address indexed token);
event CollateralDeposited(address indexed user, address indexed token, uint256 amount);
event CollateralWithdrawn(address indexed user, address indexed token, uint256 amount);
event StablecoinMinted(address indexed to, uint256 amount);
event StablecoinBurned(address indexed from, uint256 amount);
// Constructor
constructor(address oracle, address minterAddress) ERC20(NAME, SYMBOL) {
oracleContract = oracle;
minter = minterAddress;
_totalSupply = 0;
}
// Modifier to restrict minting and burning to owner or minter
modifier onlyMinter() {
require(msg.sender == owner() || msg.sender == minter, "Only owner or minter allowed");
_;
}
// Add allowed collateral
function addAllowedCollateral(address token) external onlyOwner {
allowedCollaterals[token] = true;
emit CollateralAdded(token);
}
// Deposit collateral
function depositCollateral(address token, uint256 amount) external {
require(allowedCollaterals[token], "Token not allowed as collateral");
require(amount > 0, "Amount must be greater than zero");
_checkPriceFreshness(token);
// Transfer collateral to the contract
IERC20(token).transferFrom(msg.sender, address(this), amount);
collateralBalances[msg.sender][token] += amount;
emit CollateralDeposited(msg.sender, token, amount);
}
// Withdraw collateral
function withdrawCollateral(address token, uint256 amount) external {
require(collateralBalances[msg.sender][token] >= amount, "Insufficient collateral balance");
_checkPriceFreshness(token);
collateralBalances[msg.sender][token] -= amount;
IERC20(token).transfer(msg.sender, amount);
emit CollateralWithdrawn(msg.sender, token, amount);
}
// Mint stablecoins
function mint(address to, uint256 amount) external onlyMinter {
require(_collateralizationCheck(), "Insufficient collateral to mint stablecoins");
_mint(to, amount);
_totalSupply += amount;
emit StablecoinMinted(to, amount);
}
// Burn stablecoins
function burn(address from, uint256 amount) external onlyMinter {
_burn(from, amount);
_totalSupply -= amount;
emit StablecoinBurned(from, amount);
}
// Internal function to check price freshness using the Oracle
function _checkPriceFreshness(address token) internal view {
AggregatorV3Interface oracle = AggregatorV3Interface(oracleContract);
(, , , uint256 updatedAt, ) = oracle.latestRoundData();
require(block.timestamp - updatedAt <= TIMEOUT, "Price data is stale");
}
// Internal function to check collateralization ratio
function _collateralizationCheck() internal view returns (bool) {
// Placeholder logic: Add real collateralization ratio check
// Sum up the value of collateral and compare it to the stablecoins being minted
return true;
}
}

Vulnerability Details

Overdependence on Oracle which may not be updated in realtime may cause different outcomes especially during transactions.

Collateral token validity and also transfer verifier may cause issues during transactions or minting.

Tools Used

Recommendations:

The need to use more Oracle setups to enhance faster intervention due to emergencies. Also implementing an emergency stop mechanism controlled by a governance system.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.