search

Cyfrin / 2023-07-foundry-defi-stablecoin

37 stars 32 forks source link

Inability to Withdraw Remaining Funds When All DSC is Redeemed #1067

Closed codehawks-bot closed 1 year ago

codehawks-bot commented 1 year ago

Inability to Withdraw Remaining Funds When All DSC is Redeemed

Severity

High Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol

Summary

In the current implementation of DSCEngine.sol, there is no mechanism to withdraw remaining funds when all DSC tokens have been redeemed and no more are in circulation. This can lead to funds being permanently locked in the contract.

Vulnerability Details

If all DSC tokens are redeemed and no more are in circulation, there's currently no way to withdraw the remaining funds in the contract.

Impact

The inability to withdraw remaining funds when all DSC is redeemed can lead to funds being permanently locked in the contract.

Recommendations

Create a function that allows the withdrawal of remaining funds when all DSC tokens have been redeemed and none are in circulation. Here is a potential code snippet:

function withdrawRemainingFunds(address treasury) external onlyOwner {
    require(totalSupply() == 0, "DSC tokens are still in circulation.");
    uint256 remainingFunds = ReserveToken.balanceOf(address(this));
    ReserveToken.transfer(treasury, remainingFunds);
}

Implement secure access control, event logging, and conduct thorough testing and auditing to ensure proper functionality.

hans-cyfrin commented 1 year ago

redeemCollateral can be used. Invalid.