The DSCEngine allows users to deposit collateral and mint a decentralized stablecoin. The contract, however, might not properly handle tokens that incorporate a fee-on-transfer mechanism, such as USDT. This can lead to potential discrepancies in the user's deposited collateral amount, affecting other operations in the contract.
Vulnerability Details
The depositCollateral() function is designed to receive collateral from a user. The function updates the user's collateral balance before the actual transfer of tokens occurs:
For tokens with a fee-on-transfer mechanism, the contract might not receive the full amountCollateral. The discrepancy between the actual balance of the contract and the s_collateralDeposited mapping might affect other operations.
Impact
If a user deposits a token that has a fee-on-transfer feature, the s_collateralDeposited mapping may record a higher balance than what the contract actually receives. This discrepancy could potentially allow a user to mint more stablecoins than they should be able to, based on their collateral. This could, in turn, lead to a lack of backing for the minted stablecoins, potentially causing instability in the system.
Tools Used
Manual review
Recommendations
After calling the transferFrom() function, compare the contract's token balance before and after the transfer. This will ensure that the actual transferred amount matches the expected amount.
Fee-On-Transfer tokens (such as USDT) as collateral support
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L149-L161
Summary
The
DSCEngineallows users to deposit collateral and mint a decentralized stablecoin. The contract, however, might not properly handle tokens that incorporate a fee-on-transfer mechanism, such as USDT. This can lead to potential discrepancies in the user's deposited collateral amount, affecting other operations in the contract.Vulnerability Details
The
depositCollateral()function is designed to receive collateral from a user. The function updates the user's collateral balance before the actual transfer of tokens occurs:For tokens with a fee-on-transfer mechanism, the contract might not receive the full
amountCollateral. The discrepancy between the actual balance of the contract and thes_collateralDepositedmapping might affect other operations.Impact
If a user deposits a token that has a fee-on-transfer feature, the
s_collateralDepositedmapping may record a higher balance than what the contract actually receives. This discrepancy could potentially allow a user to mint more stablecoins than they should be able to, based on their collateral. This could, in turn, lead to a lack of backing for the minted stablecoins, potentially causing instability in the system.Tools Used
Manual review
Recommendations
After calling the
transferFrom()function, compare the contract's token balance before and after the transfer. This will ensure that the actual transferred amount matches the expected amount.