Tokens such as WBTC can be paused be admin therby preventing transfers.
contract WBTC is StandardToken, DetailedERC20("Wrapped BTC", "WBTC", 8),
MintableToken, BurnableToken, PausableToken, OwnableContract {
function burn(uint value) public onlyOwner {
super.burn(value);
}
function finishMinting() public onlyOwner returns (bool) {
return false;
}
function renounceOwnership() public onlyOwner {
revert("renouncing ownership is blocked");
}
}
Vulnerability Details
In the constructor function of DSCEngine.sol,
// For example ETH / USD, BTC / USD, MKR / USD, etc
for (uint256 i = 0; i < tokenAddresses.length; i++) {
s_priceFeeds[tokenAddresses[i]] = priceFeedAddresses[i];
s_collateralTokens.push(tokenAddresses[i]);
}
The protocol might accept such tokens
Impact
Users cannot be liquidated if the collateral token is paused
hans-cyfrin
commented
1 year ago
Pausable collaterals
Severity
High Risk
Summary
Tokens such as WBTC can be paused be admin therby preventing transfers.
Vulnerability Details
In the constructor function of DSCEngine.sol,
The protocol might accept such tokens
Impact
Users cannot be liquidated if the collateral token is paused
Tools Used
Manual review
Recommendations
Use unpausable tokens as collaterals.