15,000 USDC
View results
Submission Details
Severity: low
Valid

Precision Loss in the Health Factor Calculation.

Summary - Vulnerability Details

Due to performing a multiplication on the result of a division, the _calculateHealthFactor loss precision while checking the collateralAdjustedForThreshold against the totalDscMinted.

(collateralAdjustedForThreshold * 1e18) / totalDscMinted;

Example:

Let's say the user collateral value in USD is $1001(in wei 1001000000000000000000) and the user tries to mint 500.5(in wei 500500000000000000000) DSC.

uint256 collateralAdjustedForThreshold = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;

After inserting the values in this formula 1001000000000000000000 * 50 / 100 the result will be 500000000000000000000.

We can see it lost 500000000000000000, the actual result should be 500500000000000000000 (500.5 DSC).

Due to that, if the user inserts the totalDscMinted value 500500000000000000000(which should be valid), he will see the DSCEngine__BreaksHealthFactor error.

(collateralAdjustedForThreshold * 1e18) / totalDscMinted;

Because this will return 999000999000999000 which is < than 1e18.

Impact

Users face the DSCEngine__BreaksHealthFactor error when such a calculation occurs.

Tools Used

Slither, Math, Solodit

Recommendations

Make sure to do all the multiplications before division.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.