Submission Details
Severity: high

Error in the liquidate() function

Summary

(Even if we don't hit the known bug that occurs when the protocol is 100% or less collateralized)...
Liquidators will never get the total collateral deposited by a bad user, even if they pay the user's full DSC debt. Their only incentive to liquidate a bad user would be the 10% bonus.

Vulnerability Details

When a liquidator calls the liquidate() function and the health factor of a bad user is below the minimum allowed by the protocol, the code calculates tokenAmountFromDebtCovered using the getTokenAmountFromUsd(collateral, debtToCover) function. That is, it converts the DSC amount that the liquidator transfers to the dscEngine in the same liquidate transaction into the amount of the chosen collateral that covers it. In other words, the calculated bonusCollateral will be the only incentive a liquidator gets from the protocol once the liquidate function has completed successfully.
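
The payout arithmetic described above, as an added Python model (not the protocol's Solidity code). The 18-decimal fixed-point scale, the 50% liquidation threshold and the sample position are assumptions; the 10% bonus and the names tokenAmountFromDebtCovered, bonusCollateral and getTokenAmountFromUsd come from the report.

```python
# Added model of the liquidate() payout arithmetic; not the protocol's code.
# Amounts are integers with 18 decimals, mirroring on-chain fixed-point math.
PRECISION = 10**18             # assumption: 18-decimal amounts and prices
LIQUIDATION_BONUS = 10         # the 10% bonus named in the report
LIQUIDATION_PRECISION = 100
LIQUIDATION_THRESHOLD = 50     # assumption: collateral counts at 50% in the health factor


def get_token_amount_from_usd(usd_amount, price):
    """Collateral tokens worth `usd_amount` at `price` (USD per token)."""
    return usd_amount * PRECISION // price


def usd_value(token_amount, price):
    return token_amount * price // PRECISION


def health_factor(collateral, debt, price):
    """Below PRECISION (1.0) means the position can be liquidated."""
    if debt == 0:
        return 2**256 - 1  # no debt: treat the position as maximally healthy
    adjusted = usd_value(collateral, price) * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION
    return adjusted * PRECISION // debt


def liquidate(collateral, debt, debt_to_cover, price):
    """Return what the liquidator receives and what stays with the user."""
    if health_factor(collateral, debt, price) >= PRECISION:
        raise ValueError("health factor ok, nothing to liquidate")
    token_amount_from_debt_covered = get_token_amount_from_usd(debt_to_cover, price)
    bonus_collateral = token_amount_from_debt_covered * LIQUIDATION_BONUS // LIQUIDATION_PRECISION
    total = token_amount_from_debt_covered + bonus_collateral
    if total > collateral:
        # Position cannot cover debt plus bonus: the case the summary sets aside.
        raise ValueError("collateral cannot cover debt plus bonus")
    return {
        "token_amount_from_debt_covered": token_amount_from_debt_covered,
        "bonus_collateral": bonus_collateral,
        "total_collateral_to_redeem": total,
        "collateral_left_with_user": collateral - total,
        "liquidator_net_usd": usd_value(total, price) - debt_to_cover,
    }


if __name__ == "__main__":
    ETH = 10**18
    # Constructed position: 10 ETH collateral, 12,000 DSC debt, ETH at 2,000 USD.
    result = liquidate(10 * ETH, 12_000 * ETH, 12_000 * ETH, 2_000 * ETH)
    for key, value in result.items():
        print(f"{key}: {value / ETH}")
```

In the constructed position the liquidator pays 12,000 DSC and redeems 6.6 ETH, while 3.4 ETH of the deposit stays with the liquidated user.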

Impact

Liquidators will not have enough incentive to pay users' debts. They will get only the 10% bonus on the amount paid, without taking into consideration that the liquidator needs to pay with DSC, meaning that at some point they will have to pay interest on the minted DSC. The protocol would be at risk if several users fall below the minimum health factor allowed.

Tools Used

I only used Foundry while coding along with the project showcased on YouTube by Patrick Collins.

Recommendations

Liquidators should be incentivized with the total collateral deposited by a bad user or a higher bonus.
Another option would be to track the proportion of the collateral value deposited and the minted DSC and then use the same proportion to calculate the bonus liquidators could get.
