Lack of Functionality to Add New Collateral Tokens
Severity
Medium Risk
Summary
The DSCEngine contract lacks a crucial functionality to add new collateral tokens. This vulnerability is in contradiction with one of the business rules requirements, which states that the system should allow users to easily replace existing collateral tokens with a new basket of assets while maintaining the contract's functionality. The absence of a function to add new collateral tokens hampers the contract's flexibility and adaptability to evolving market conditions. It is recommended to address this vulnerability by implementing a mechanism to add new collateral tokens in alignment with the specified business rule.
Vulnerability Details
The vulnerability arises from the DSCEngine contract's design limitation, where there is no provision for adding new collateral tokens after the contract deployment. The contract was intended to allow users to swap out default collateral tokens (such as WETH and WBTC) for alternative assets while maintaining the core functionalities. However, the contract's current implementation lacks a dedicated function to facilitate this process, restricting the system's ability to evolve with changing user preferences and market dynamics.
Impact
Lack of Flexibility: Users are unable to customize their collateral portfolios by adding new tokens that better suit their risk appetite or investment strategies.
Non-compliance with Business Rules: The deficiency directly contradicts the stated business rule, limiting the contract's capacity to adapt to diverse collateral needs.
Reduced Competitiveness: The absence of this feature diminishes the platform's competitive advantage, as users may prefer platforms that offer more adaptable and customizable collateral options.
Tools Used
Manual Review
Recommendations
Add Function to Add Collateral Tokens: Develop and integrate a new function that allows contract administrators to add new collateral tokens following a well-defined process. This function should ensure that the newly added tokens are compatible with the existing contract logic.
Business Rule Alignment: Align the contract's behavior with the specified business rule, allowing users to seamlessly replace existing collateral tokens with alternative assets while maintaining the contract's functionality.
PatrickAlphaC
commented
1 year ago
Lack of Functionality to Add New Collateral Tokens
Severity
Medium Risk
Summary
The DSCEngine contract lacks a crucial functionality to add new collateral tokens. This vulnerability is in contradiction with one of the business rules requirements, which states that the system should allow users to easily replace existing collateral tokens with a new basket of assets while maintaining the contract's functionality. The absence of a function to add new collateral tokens hampers the contract's flexibility and adaptability to evolving market conditions. It is recommended to address this vulnerability by implementing a mechanism to add new collateral tokens in alignment with the specified business rule.
Vulnerability Details
The vulnerability arises from the DSCEngine contract's design limitation, where there is no provision for adding new collateral tokens after the contract deployment. The contract was intended to allow users to swap out default collateral tokens (such as WETH and WBTC) for alternative assets while maintaining the core functionalities. However, the contract's current implementation lacks a dedicated function to facilitate this process, restricting the system's ability to evolve with changing user preferences and market dynamics.
Impact
Lack of Flexibility: Users are unable to customize their collateral portfolios by adding new tokens that better suit their risk appetite or investment strategies.
Non-compliance with Business Rules: The deficiency directly contradicts the stated business rule, limiting the contract's capacity to adapt to diverse collateral needs.
Reduced Competitiveness: The absence of this feature diminishes the platform's competitive advantage, as users may prefer platforms that offer more adaptable and customizable collateral options.
Tools Used
Manual Review
Recommendations
Add Function to Add Collateral Tokens: Develop and integrate a new function that allows contract administrators to add new collateral tokens following a well-defined process. This function should ensure that the newly added tokens are compatible with the existing contract logic.
Business Rule Alignment: Align the contract's behavior with the specified business rule, allowing users to seamlessly replace existing collateral tokens with alternative assets while maintaining the contract's functionality.