Submission Details
Severity: medium

Avoid Multiplications before Division

Summary

Although the Solidity version has built-in safe math, it is still good practice to divide before you multiply in your business logic to avoid potential unexpected behaviour.

Vulnerability Details

This function has potential vulnerabilities.
The function DSCEngine._calculateHealthFactor contains a potential issue of dividing before multiplying. The result of a division operation is multiplied by 1e18 without proper handling for rounding or precision errors. This could lead to unintended consequences in certain scenarios.

function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)
    internal
    pure
    returns (uint256)
{
    if (totalDscMinted == 0) return type(uint256).max;
    uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;
    return (collateralAdjustedForThreshold * 1e18) / totalDscMinted;
}
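
An added illustration (not part of the original submission or the project's code): a Python model of the function's integer arithmetic that compares the operation order in _calculateHealthFactor with a single final division. The constant values 50 and 100 and all sample inputs are assumptions; the page does not state them.

```python
# Added illustration: models Solidity uint256 arithmetic with Python ints.
UINT256_MAX = 2**256 - 1
LIQUIDATION_THRESHOLD = 50    # assumed value, not stated on the page
LIQUIDATION_PRECISION = 100   # assumed value, not stated on the page
WAD = 10**18                  # the 1e18 scaling factor used in the function


def _checked(x):
    """Mimic Solidity >=0.8 checked arithmetic: revert on overflow."""
    if not 0 <= x <= UINT256_MAX:
        raise OverflowError("uint256 overflow (transaction would revert)")
    return x


def health_factor_as_written(total_dsc_minted, collateral_value_in_usd):
    """Same operation order as _calculateHealthFactor on the page."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    # First truncating division happens here, before the 1e18 scaling.
    adjusted = _checked(collateral_value_in_usd * LIQUIDATION_THRESHOLD) // LIQUIDATION_PRECISION
    return _checked(adjusted * WAD) // total_dsc_minted


def health_factor_single_division(total_dsc_minted, collateral_value_in_usd):
    """All multiplications first, then one truncating division."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    numerator = _checked(_checked(collateral_value_in_usd * LIQUIDATION_THRESHOLD) * WAD)
    return numerator // (LIQUIDATION_PRECISION * total_dsc_minted)


def truncation_gap(total_dsc_minted, collateral_value_in_usd):
    """Difference between the two orderings, in 1e18-scaled units."""
    return (health_factor_single_division(total_dsc_minted, collateral_value_in_usd)
            - health_factor_as_written(total_dsc_minted, collateral_value_in_usd))


if __name__ == "__main__":
    # Constructed inputs: tiny raw amounts, then 18-decimal amounts.
    samples = [(1, 3), (100, 199), (10_000 * WAD, 20_000 * WAD + 1)]
    for minted, collateral in samples:
        print(minted, collateral,
              health_factor_as_written(minted, collateral),
              health_factor_single_division(minted, collateral),
              truncation_gap(minted, collateral))
```

In this model the gap between the two orderings is always less than 1e18 / totalDscMinted + 1, so it is only visible when the minted amount is far below 1e18 units.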

Impact

Loss of funds and unexpected behavior

Tools Used

Manual review

Recommendations

Always divide before you multiply in your business logic.
