AlgoStablecoin Audit

**
**

1. In this function we see that the amount is deducted from the user after contract data for the user is updated. This isn't that much of a breach, but generally it is advised that first we deduct the amount from the user then update contract data(the ultra safe way).

1. Here I cannot see any checks for how much maximum stablecoins can a person mint, based on collateral locked. This screenshot is from the internal function, but even in the public function calling this function dosent have any checks for this. If this isn't a check, this is the biggest vulnerability in this system.

   1. On a second thought, we think that must be checked inside the function revert_if_health_factor_broken, but we do not pass in amount inside that function so there is no way its doing the above mentioned check.

   2. Lets even say the function is checking contract data for the user and giving us the health factor for that instant, but we can pass in any amount and the function would go through!

   3. My recommendation would be to add a new function to get maximum mintable tokens, in a similar way for collateral as maximum withdrawable collateral.

1. Here, I cannot find any restriction for minting, for example only the engine contract can mint stablecoins and only checked users should be able to mint.

2. One another concern is if the round data is not updated from chainlink, the whole system crashes so we should have a secondary price source because mostly the contract depends upon pricefeed and if that data goes stale, whole system crashes and can be a huge concern.

3. My recommendation for this would be adding another source for price feeds or a default value in case the price comes out stale.