low

Improving the burnDsc() to allow users to mitigate their liquidation's impact

Reward

Total

7.94 USDC

0.64 USDC
0.64 USDC
0.64 USDC
0.64 USDC
0.64 USDC
0.64 USDC
0.64 USDC
Selected
0.90 USDC
0.64 USDC
0.64 USDC
0.64 USDC
0.64 USDC
Selected Submission

Improving the burnDsc() to allow users to mitigate their liquidation's impact

Severity

Low Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/d1c5501aa79320ca0aeaa73f47f0dbc88c7b77e2/src/DSCEngine.sol#L214

Summary

The burnDsc() does not allow a user to partially burn some available DSC tokens to mitigate the liquidation's impact (if an amount of the burned tokens are not sufficient to improve their health factor to become healthy (> MIN_HEALTH_FACTOR)).

Vulnerability Details

In the situation that a user's health factor is unhealthy (< MIN_HEALTH_FACTOR), the user will not be able to partially burn some available of their minted DSC tokens to mitigate the liquidation's impact.

Specifically, the _revertIfHealthFactorIsBroken() in the burnDsc() will revert the transaction if the user's health factor is still unhealthy (even if the burning of the DSC tokens may improve the user's health factor).

    function burnDsc(uint256 amount) public moreThanZero(amount) {
        _burnDsc(amount, msg.sender, msg.sender);
@>      _revertIfHealthFactorIsBroken(msg.sender); // I don't think this would ever hit...
    }

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/d1c5501aa79320ca0aeaa73f47f0dbc88c7b77e2/src/DSCEngine.sol#L214

Impact

The burnDsc() does not allow a user to partially burn some available DSC tokens to mitigate the liquidation's impact (if an amount of the burned tokens are not sufficient to improve their health factor to become healthy (> MIN_HEALTH_FACTOR)).

With this design choice, a user may face a big impact from the liquidation that cannot be mitigated.

Tools Used

Manual Review

Recommendations

Consider removing the _revertIfHealthFactorIsBroken() from the burnDsc() to enable a user to partially burn some available DSC tokens to mitigate their liquidation's impact.

    function burnDsc(uint256 amount) public moreThanZero(amount) {
        _burnDsc(amount, msg.sender, msg.sender);
-       _revertIfHealthFactorIsBroken(msg.sender); // I don't think this would ever hit...
    }