Summary

An issue arises in DSCEngine.sol _calculateHealthFactor method when the USD value of the collateral is less than 2. The resulting health factor calculation is inaccurate due to integer truncation in Solidity. This problem could lead to user loosing funds as small quantities of collateral may not be redeemable when technically they should be.

Vulnerability Details

The specific issue occurs within the _calculateHealthFactor method in DSCEngine.sol. When the value of the collateral in USD is less than $2, such as $1.5, and the totalDscMinted is 1, the computed health factor becomes invalid. The reason behind this due to integer truncation in Solidity, leading to truncation to 0 which is not the correct output.

Impact

User can loos funds as they might be unable to redeem small amounts of collateral based on their position's health even when technically it should be possible.

Tools Used

Slither:

DSCEngine._calculateHealthFactor(uint256,uint256) (src/DSCEngine.sol#337-345) performs a multiplication on the result of a division:

• collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION (src/DSCEngine.sol#343)

• (collateralAdjustedForThreshold * 1e18) / totalDscMinted (src/DSCEngine.sol#344)
  Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply

Recommendations

To avoid truncation and ensure a precise health factor calculation, the _calculateHealthFactor() function can be refactored as follow: