
Misleading NatSpec for redeemCollateral function

Reward (total): 24.49 USDC


Severity

Gas Optimization / Informational

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L181

Summary

This comment on the redeemCollateral function is misleading:

    * @notice If you have DSC minted, you will not be able to redeem until you burn your DSC

Vulnerability Details

The redeemCollateral function does not directly require the user to burn DSC to redeem their collateral. Instead, it checks whether the operation would break the health factor. In cases where a user has a high collateralization ratio, they may redeem some of their collateral without burning DSC while keeping their health factor above the threshold. Therefore, the NatSpec comment may inaccurately represent the redeemCollateral functionality under certain conditions.

PoC: Add this test to DSCEngineTest.t.sol; it passes:

    function testCanRedeemCollateralWithSomeDSCMintedAndNotBurnDSC() public {
        // user deposits a large amount of weth and mints a small amount of dsc
        vm.startPrank(user);
        ERC20Mock(weth).approve(address(dsce), 1000);
        dsce.depositCollateralAndMintDsc(weth, 1000, 1);
        // user redeems some collateral without burning any dsc
        dsce.redeemCollateral(weth, 10);
        vm.stopPrank();
    }
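The behaviour described above, as a simplified Python model of a health-factor gate (an added example, not code from the audited repository or from this submission). The 50% threshold, the price of 2000, the 18-decimal minimum and all class and function names are assumptions made for the model.

```python
# Added illustration: simplified model of a health-factor gate on redemption.
# Constants below are assumptions for the model, not values taken from the page.
THRESHOLD_PCT = 50           # assumed: 50% of collateral value backs minted DSC
PRICE_USD = 2000             # constructed price per unit of collateral
MIN_HEALTH_FACTOR = 10**18   # assumed: 1.0 in 18-decimal fixed point
NO_DEBT = 2**256 - 1         # health factor reported when nothing is minted


class BreaksHealthFactor(Exception):
    """Stands in for the revert when an operation would under-collateralize."""


def health_factor(collateral, minted):
    if minted == 0:
        return NO_DEBT
    adjusted = collateral * PRICE_USD * THRESHOLD_PCT // 100
    return adjusted * 10**18 // minted


class EngineModel:
    def __init__(self):
        self.collateral = 0
        self.minted = 0

    def _set(self, collateral, minted):
        # Commit the new position only if it stays healthy (models revert-on-failure).
        if health_factor(collateral, minted) < MIN_HEALTH_FACTOR:
            raise BreaksHealthFactor(f"position ({collateral}, {minted}) is unhealthy")
        self.collateral, self.minted = collateral, minted

    def deposit_and_mint(self, amount, dsc):
        self._set(self.collateral + amount, self.minted + dsc)

    def redeem(self, amount):
        # No burn is required here: only the resulting health factor is checked.
        if amount > self.collateral:
            raise ValueError("redeem exceeds deposited collateral")
        self._set(self.collateral - amount, self.minted)

    def max_redeemable_without_burn(self):
        # Binary search: health factor is monotone in the remaining collateral.
        lo, hi = 0, self.collateral
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if health_factor(self.collateral - mid, self.minted) >= MIN_HEALTH_FACTOR:
                lo = mid
            else:
                hi = mid - 1
        return lo
```

With the PoC's amounts (deposit 1000, mint 1, redeem 10) the model allows the redeem, reports 989 further units as redeemable without burning, and rejects a redeem of all 990 remaining units.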

Impact

This comment can lead users and auditors to misunderstand how the function works.

Tools Used

Manual Review

Recommendations

Remove the NatSpec line, or clarify that the redeemCollateral function may revert if the user has too much DSC minted, in which case they will need to burn DSC before calling the function again.