User may not able to mint DSC even if user has enough collateral
Summary
User may not able to mint DSC even if user has enough collateral, due to incorrect calculation of collateral value.
Vulnerability Details
When user mints DSC, protocol will check user's health factor to ensure user has enough collateral.
The health factor is calculated by ((collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION) * 1e18 / totalDscMinted, and the check will not pass if heal factor is less than MIN_HEALTH_FACTOR (1e18).
The calculation method for collateralValueInUsd is (price * ADDITIONAL_FEED_PRECISION * amount) / PRECISION, here ADDITIONAL_FEED_PRECISION is 1e8 and PRECISION is 1e18, however, this calculation does not work for token with different decimals other than 18.
Let's assume WBTC's price is 20000u, to mint 10000 DSC (10000e18), user needs to provide 1 WBTC (1e8), we can get collateralValueInUsd = (20000e8 * 1e10 * 1e8) / 1e18 = 0.000002e18, following that health factor is ((0.000002e18 * 50) / 100) * 1e18 / 10000e18 = 1e8, as health factor is much smaller than MIN_HEALTH_FACTOR, user is not able to mint DSC.
Impact
User cannot mint DSC even if user has enough collateral.
Please see the tests:
Tools Used
Manual Review
Recommendations
collateralValueInUsd should be calculated by (price * ADDITIONAL_FEED_PRECISION * amount) / collateral_decimals.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.