Algo Ssstablecoinsss

First Flight #30
Submission Details
Severity: high
Invalid

The function redeem_collateral_for_dsc does not follow the Check-Effects-Interactions (CEI) pattern and is vulnerable to reentrancy attacks.

Summary

The function redeem_collateral_for_dsc appears to be designed to facilitate the redemption of collateral in exchange for burning a specified amount of debt-stabilized cryptocurrency (DSC). Here's a detailed breakdown of its purpose and functionality:

The main objective of this function is to allow users to redeem their collateral by burning a specified amount of DSC. This helps manage the user's debt and maintain the stability of the system.

Vulnerability Details

The function does not follow the CEI pattern. The health factor check, self._revert_if_health_factor_is_broken(msg.sender), is at the end of the function:

self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender)
self._redeem_collateral(
    token_collateral_address, amount_collateral, msg.sender, msg.sender
)
self._revert_if_health_factor_is_broken(msg.sender)

Impact

The function does not follow the Check-Effects-Interactions (CEI) pattern and the _redeem_collateral function can be used for a reentrancy attack. All tokens from the protocol can be stolen.

Tools Used

manual review

Recommendations

Please follow the CEI pattern:

self._revert_if_health_factor_is_broken(msg.sender)
self._burn_dsc(amount_dsc_to_burn, msg.sender, msg.sender)
self._redeem_collateral(
    token_collateral_address, amount_collateral, msg.sender, msg.sender
)

Updates

Lead Judging Commences

bube Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
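
Added example (not part of the submission, the judgement, or the protocol's code): a Python model of the two call orders shown on this page, showing which state the health factor check evaluates in each. The threshold, minimum health factor, amounts, and all helper names are assumptions made for illustration.

```python
from dataclasses import dataclass

LIQUIDATION_THRESHOLD = 0.5  # assumed: half the collateral value backs debt
MIN_HEALTH_FACTOR = 1.0      # assumed minimum

class Revert(Exception):
    """Models a revert: every state change made by the call is discarded."""

@dataclass
class Position:
    collateral_usd: float
    dsc_minted: float

    def health_factor(self) -> float:
        if self.dsc_minted == 0:
            return float("inf")
        return self.collateral_usd * LIQUIDATION_THRESHOLD / self.dsc_minted

def _require_healthy(pos: Position) -> None:
    if pos.health_factor() < MIN_HEALTH_FACTOR:
        raise Revert("health factor is broken")

def _burn_and_redeem(pos: Position, burn: float, redeem: float) -> None:
    if burn > pos.dsc_minted or redeem > pos.collateral_usd:
        raise Revert("amount exceeds balance")
    pos.dsc_minted -= burn
    pos.collateral_usd -= redeem

def _call(pos: Position, steps) -> bool:
    """Run the steps atomically; on Revert restore the prior state."""
    snapshot = (pos.collateral_usd, pos.dsc_minted)
    try:
        for step in steps:
            step()
        return True
    except Revert:
        pos.collateral_usd, pos.dsc_minted = snapshot
        return False

def redeem_check_last(pos: Position, burn: float, redeem: float) -> bool:
    # Order quoted under "Vulnerability Details": the check sees the post-state.
    return _call(pos, [lambda: _burn_and_redeem(pos, burn, redeem),
                       lambda: _require_healthy(pos)])

def redeem_check_first(pos: Position, burn: float, redeem: float) -> bool:
    # Order quoted under "Recommendations": the check sees the pre-state.
    return _call(pos, [lambda: _require_healthy(pos),
                       lambda: _burn_and_redeem(pos, burn, redeem)])
```

With a constructed position of 200 USD collateral and 100 DSC, burning 50 DSC while redeeming 150 USD is rejected when the check runs last and accepted when it runs first, leaving a health factor of 0.5.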
