Precision Loss in the Health Factor Calculation.
Summary - Vulnerability Details
Due to performing a multiplication on the result of a division, the _calculateHealthFactor loss precision while checking the collateralAdjustedForThreshold against the totalDscMinted.
Example:
Let's say the user collateral value in USD is $1001(in wei 1001000000000000000000) and the user tries to mint 500.5(in wei 500500000000000000000) DSC.
After inserting the values in this formula 1001000000000000000000 * 50 / 100 the result will be 500000000000000000000.
We can see it lost 500000000000000000, the actual result should be 500500000000000000000 (500.5 DSC).
Due to that, if the user inserts the totalDscMinted value 500500000000000000000(which should be valid), he will see the DSCEngine__BreaksHealthFactor error.
Because this will return 999000999000999000 which is < than 1e18.
Impact
Users face the DSCEngine__BreaksHealthFactor error when such a calculation occurs.
Tools Used
Slither, Math, Solodit
Recommendations
Make sure to do all the multiplications before division.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.