Summary

If price fluctuation (TOKEN/USD) is too fast (within a block), and hence the collateral USD value dips too low, then the protocol becomes insolvent.

Vulnerability Details

Imagine the following steps:

1. ETH/USD price from chainlink is $2000.

2. User calls depositCollateralAndMintDsc() using WETH with 1e17 (0.1 ETH) as collateral and mints 80 DSC. Collateral value is $200 and healthFactor is acceptable at 125e16 (1.25 * 1e18) right now.

3. ETH/USD experiences sudden price fluctuation within a single block and dips to $640.

4. Collateral value becomes $64 and healthFactor is at 4e17 (0.4 * 1e18) that is, value of loaned DSC > collateral ETH price.
   
   Since there is no incentive now for a liquidator, this becomes a 'bad loan'.

Impact

Loss of value due to 'bad loans'; protocol insolvency.

Tools Used

Manual review.

Recommendations

1. Price Oracles with Safeguards: Use multiple price oracles from different reputable sources to avoid reliance on a single data point. Additionally, consider implementing safeguards that reject or delay liquidations based on extreme price fluctuations or abnormal behavior, which could indicate potential market manipulation.

2. Dynamic Liquidation Thresholds: Instead of a fixed 200% collateralization requirement, you can implement dynamic liquidation thresholds that adjust based on market conditions. For example, if the price of the collateral token drops rapidly, the required collateralization ratio could temporarily increase to protect the protocol from insolvency. This adjustment could be triggered by a predefined price deviation or by monitoring the price trend over a certain period.