Although the Solidity version in use has safe math built in, it is still good practice to divide before you multiply in your business logic to avoid potentially unexpected behaviour.
This function has potential vulnerabilities
The function DSCEngine._calculateHealthFactor contains a potential issue of dividing before multiplying. The result of a division operation is multiplied by 1e18 without proper handling for rounding or precision errors. This could lead to unintended consequences in certain scenarios.
function _calculateHealthFactor(uint256 totalDscMinted, uint256 collateralValueInUsd)
    internal
    pure
    returns (uint256)
{
    if (totalDscMinted == 0) return type(uint256).max;
    uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;
    return (collateralAdjustedForThreshold * 1e18) / totalDscMinted;
}
Loss of funds and unexpected behavior
Manual review
Always divide before you multiply in your business logic.
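To quantify the rounding this finding describes, the following added example (not part of the original submission or the DSCEngine code base) models the function's integer arithmetic in Python next to a hypothetical variant that performs a single final division. The values of LIQUIDATION_THRESHOLD and LIQUIDATION_PRECISION are assumptions, since the page does not give them, and the sample inputs are constructed.

```python
# Added example: Python model of the health-factor arithmetic (not project code).
LIQUIDATION_THRESHOLD = 50   # assumed value; the page does not state it
LIQUIDATION_PRECISION = 100  # assumed value; the page does not state it
SCALE = 10**18               # the 1e18 factor used in the function
UINT256_MAX = 2**256 - 1


def checked_mul(a, b):
    """Multiply like Solidity's built-in checked math: overflow reverts."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return product


def health_factor_as_written(total_dsc_minted, collateral_value_in_usd):
    """Mirrors _calculateHealthFactor: divide first, then scale by 1e18."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    adjusted = checked_mul(collateral_value_in_usd, LIQUIDATION_THRESHOLD) // LIQUIDATION_PRECISION
    return checked_mul(adjusted, SCALE) // total_dsc_minted


def health_factor_single_division(total_dsc_minted, collateral_value_in_usd):
    """Hypothetical variant: every multiplication first, one final division."""
    if total_dsc_minted == 0:
        return UINT256_MAX
    numerator = checked_mul(checked_mul(collateral_value_in_usd, LIQUIDATION_THRESHOLD), SCALE)
    return numerator // checked_mul(LIQUIDATION_PRECISION, total_dsc_minted)


def rounding_gap(total_dsc_minted, collateral_value_in_usd):
    """Units of health factor lost to the intermediate truncation."""
    return (health_factor_single_division(total_dsc_minted, collateral_value_in_usd)
            - health_factor_as_written(total_dsc_minted, collateral_value_in_usd))


# Constructed inputs as (totalDscMinted, collateralValueInUsd).
SAMPLES = [
    (1, 3),                        # wei-sized amounts: truncation is visible
    (2 * 10**18, 3 * 10**18 + 1),  # 18-decimal amounts: truncation vanishes
]

if __name__ == "__main__":
    for minted, collateral in SAMPLES:
        print(minted, collateral, rounding_gap(minted, collateral))
```

Under the assumed constants, the gap is half a unit of health factor for the wei-sized sample and zero for the 18-decimal sample. The single-division variant also hits the uint256 overflow revert at collateral values about 100 times smaller than the function as written.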