Summary

While most of Chainlink's USD feeds are 8 decimals they are not restricted to that, if a token feed is ever added that is not 8 decimals users will be able to mint a lot more DSC than they should be able to.

Vulnerability Details

When getting the usd value of a users collateral the getUsdValue function assumes the priceFeed is 8 decimal places, however this restriction is not enforced.
If a token is ever added that has more than 8 decimals such as AAMP/USD then the return value can be overestimated. AMPL's current value is ~$1.12 and if it was fetching the price for 1 token it would be expected that getUsdValue would return: 1,120,000,000,000,000,000.
However it would currently return: 11,200,000,000,000,000,000,000,000,000

USDValue = ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;
= (1.12e18 * 1e10) * 1e18) / 1e18)
= 1.12e28

This would result in a users collateral being overestimated and health checks passing when they should not.

Impact

When a price feeds decimals does not == 8 any user could deposit a small amount of collateral and mint much more DSC than they should be able to.

Tools Used

Manual Review

Recommendations

Add a check restricting a feeds decimals to 8: