Summary

If the token that is used as collateral has less than 18 decimals, its USD value is underestimated, if it has more than 18 decimals it is overestimated

Vulnerability Details

When calculating the USD Value for a collateral in getUsdValue the following formular is used:

return ((uint256(price) * ADDITIONAL_FEED_PRECISION) * amount) / PRECISION;

This results in valuating tokens that have less than 18 decimals to low.

Example:
The collateral used is USDC that has 6 decimals. Assuming that the price of USDC is 1 USD, 100 USDC should be enough to mint 50 DSC.

Using the formular from above, valuating 100 USDC would result in:

((1 *1e8) * 1e10 )*100 *1e6)/ 1e18 = 100 * 1e6

Since this value is checked against the 50*1e18 (Value of DSC with 18 decimals, the health factor would be below 1 and the user could be liquidated even though the collateral is sufficient.

Impact

Users can be liquidated even though their health factor is high enough.

Tools Used

Manual review

Recommendations

Instead of dividing by PRECISION (1e18) divide by the decimals of the token used as collateral. This way the value of the collateral in USD will always be with 18 decimals.