DSCEngine.sol: Liquidations might not be possible especially when there are a lot of collaterals allowed
Summary
The DSCEngine.liquidate function only succeeds when the health of the account to be liquidated is restored (Link).
The issue is that liquidations might not be possible.
The account might hold different collaterals and liquidating any one of them is insufficient to bring up the health factor.
Vulnerability Details
Imagine a situation where there are 4 collaterals:
Token A, B, C, D
There are tokens minted and the value for each collateral is $100 (the collateral has lost value), which means that the total collateral value is .
Assuming DSC is 200% collateralized the account is now liquidatable.
However the account cannot be liquidated because by liquidating any of the collaterals we can only achieve a collateralization ratio of (without even considering the liquidation bonus which lowers the actual liquidation ratio that we can achieve).
Impact
It might be impossible to liquidate accounts in the case that there are quick drops in the collateral value.
So the user does not have to fear liquidation and can restore his account health when he wants.
Also the protocol runs into the risk of accruing bad debt which can cause DSC to depeg from USD.
Tools Used
Manual Review
Recommendations
It doesn't seem necessary to check that the health factor is restored after a call to liquidate.
What's important is that the account health is improved which is ensured by this check:
So I recommend to remove the line that reverts when the health is not restored (Link).
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.