15,000 USDC
Submission Details
Severity: low
Valid

Rounding error in calculation _calculateHealthFactor()

Summary

An issue arises in the _calculateHealthFactor method of DSCEngine.sol when the USD value of the collateral is less than 2. The resulting health factor is inaccurate because of integer truncation in Solidity. This could lead to users losing funds, as small quantities of collateral may not be redeemable when technically they should be.

Vulnerability Details

The specific issue occurs within the _calculateHealthFactor method in DSCEngine.sol. When the value of the collateral in USD is less than $2, such as $1.5, and totalDscMinted is 1, the computed health factor becomes invalid. The cause is integer truncation in Solidity, which truncates the result to 0 instead of the correct value.

Impact

Users can lose funds, as they might be unable to redeem small amounts of collateral based on their position's health even when technically it should be possible.

Tools Used

Slither:

DSCEngine._calculateHealthFactor(uint256,uint256) (src/DSCEngine.sol#337-345) performs a multiplication on the result of a division:

Recommendations

To avoid truncation and ensure a precise health factor calculation, the _calculateHealthFactor() function can be refactored as follows:

    function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)
        internal
        pure
        returns (uint256)
    {
        if (totalDscMinted == 0) return type(uint256).max;
        // Multiply first, then divide
        return (collateralValueInUsd * LIQUIDATION_THRESHOLD * 1e18) / (totalDscMinted * 100);
    }
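
The truncation described above, modelled as an added example (not code from the report or from the DSCEngine project): Python integers stand in for uint256, the divide-first body is reconstructed from Slither's divide-before-multiply message, and LIQUIDATION_THRESHOLD = 50 is an assumed value. It also shows that multiplying first enlarges the intermediate product, which checked arithmetic (Solidity 0.8 and later) reverts on once it exceeds uint256.

```python
# Added example: Python ints model Solidity uint256 math (// truncates like Solidity's /).
UINT256_MAX = 2**256 - 1
LIQUIDATION_THRESHOLD = 50   # assumed value; the page names the constant but not its value
LIQUIDATION_PRECISION = 100  # the literal 100 in the recommended code
PRECISION = 10**18           # the literal 1e18 in the recommended code


def _checked(x):
    """Mimic checked arithmetic: an overflowing uint256 product reverts."""
    if x > UINT256_MAX:
        raise OverflowError("uint256 overflow (transaction would revert)")
    return x


def health_factor_divide_first(total_dsc_minted, collateral_value_in_usd):
    """Assumed 'before' ordering, per Slither's divide-before-multiply finding."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    adjusted = _checked(collateral_value_in_usd * LIQUIDATION_THRESHOLD) // LIQUIDATION_PRECISION
    return _checked(adjusted * PRECISION) // total_dsc_minted


def health_factor_multiply_first(total_dsc_minted, collateral_value_in_usd):
    """The ordering recommended in the report."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    numerator = _checked(_checked(collateral_value_in_usd * LIQUIDATION_THRESHOLD) * PRECISION)
    return numerator // _checked(total_dsc_minted * LIQUIDATION_PRECISION)


def lost_precision(total_dsc_minted, collateral_value_in_usd):
    """Health factor dropped by the divide-first ordering for one position."""
    return (health_factor_multiply_first(total_dsc_minted, collateral_value_in_usd)
            - health_factor_divide_first(total_dsc_minted, collateral_value_in_usd))


if __name__ == "__main__":
    # Constructed inputs in raw integer units, matching the report's small-value scenario.
    print("collateral  divide_first  multiply_first  lost")
    for collateral in (1, 2, 3, 199, 200):
        print(collateral,
              health_factor_divide_first(1, collateral),
              health_factor_multiply_first(1, collateral),
              lost_precision(1, collateral))
```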
