Assessment reports>Prisma Finance>Discussion>Inaccurate require string

Inaccurate require string

The function burn in the DebtToken contract has a require statement as shown below. Here, the require string implies that the function can be called either by BorrowerOperations, TroveManager, or StabilityPool, but the require statement only checks if the function is called by troveManager.

function burn(address _account, uint256 _amount) external {
    require(
        troveManager[msg.sender],
        "Debt: Caller is neither BorrowerOperations nor TroveManager nor StabilityPool"
    );
    _burn(_account, _amount);
}```

The expected caller of this function is only `troveManager`, so the require string should be modified to imply the same.
Zellic © 2025Back to top ↑