Submission Details
Severity: high
Valid

User may not be able to mint DSC even if user has enough collateral

Summary

A user may not be able to mint DSC even with enough collateral, because the collateral value is calculated incorrectly.

Vulnerability Details

When a user mints DSC, the protocol checks the user's health factor to ensure the user has enough collateral.

The health factor is calculated as ((collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION) * 1e18 / totalDscMinted, and the check fails if the health factor is less than MIN_HEALTH_FACTOR (1e18).

collateralValueInUsd is calculated as (price * ADDITIONAL_FEED_PRECISION * amount) / PRECISION, where ADDITIONAL_FEED_PRECISION is 1e8 and PRECISION is 1e18. This calculation does not work for tokens whose decimals differ from 18.

Let's assume WBTC's price is 20000u. To mint 10000 DSC (10000e18), the user needs to provide 1 WBTC (1e8). We get collateralValueInUsd = (20000e8 * 1e10 * 1e8) / 1e18 = 0.000002e18, so the health factor is ((0.000002e18 * 50) / 100) * 1e18 / 10000e18 = 1e8. As the health factor is much smaller than MIN_HEALTH_FACTOR, the user is not able to mint DSC.

Impact

A user cannot mint DSC even with enough collateral.
Please see the test:

function testAudit() public {
    // Set the WBTC price to 20000u
    MockV3Aggregator(btcUsdPriceFeed).updateAnswer(20000e8);
    vm.startPrank(user);
    // Approve 1 WBTC (1e8 units) as collateral
    ERC20Mock(wbtc).approve(address(dsce), 1e8);
    // Minting 10000 DSC reverts because the computed health factor is 1e8
    vm.expectRevert(abi.encodeWithSelector(DSCEngine.DSCEngine__BreaksHealthFactor.selector, 1e8));
    dsce.depositCollateralAndMintDsc(wbtc, 1e8, 10000e18);
    vm.stopPrank();
}

Tools Used

Manual Review

Recommendations

collateralValueInUsd should be calculated by (price * ADDITIONAL_FEED_PRECISION * amount) / collateral_decimals.
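
The calculation described above next to a decimals-aware variant, as an added example that is not the audited project's code. It assumes the recommendation's collateral_decimals means 10 ** decimals of the collateral token; the library, contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: hypothetical names, not the audited project's code.
library CollateralMath {
    uint256 internal constant PRECISION = 1e18;
    // 1e10 is the value the finding's worked calculation multiplies by.
    uint256 internal constant ADDITIONAL_FEED_PRECISION = 1e10;
    uint256 internal constant LIQUIDATION_THRESHOLD = 50;
    uint256 internal constant LIQUIDATION_PRECISION = 100;

    // Formula as described in the finding: always divides by 1e18.
    function usdValueFixed18(uint256 price, uint256 amount) internal pure returns (uint256) {
        return (price * ADDITIONAL_FEED_PRECISION * amount) / PRECISION;
    }

    // Divides by the token's own unit, so the result is an 18-decimal USD value
    // for any token (assumption: tokenDecimals comes from the token's decimals()).
    function usdValueScaled(uint256 price, uint256 amount, uint8 tokenDecimals)
        internal pure returns (uint256)
    {
        return (price * ADDITIONAL_FEED_PRECISION * amount) / (10 ** uint256(tokenDecimals));
    }

    function healthFactor(uint256 collateralValueInUsd, uint256 totalDscMinted)
        internal pure returns (uint256)
    {
        // Assumption: with no debt the position cannot be unhealthy; this also
        // avoids a division by zero.
        if (totalDscMinted == 0) return type(uint256).max;
        uint256 adjusted = (collateralValueInUsd * LIQUIDATION_THRESHOLD) / LIQUIDATION_PRECISION;
        return (adjusted * 1e18) / totalDscMinted;
    }
}

contract DecimalsDemo {
    // Inputs from the finding: 1 WBTC (8 decimals) at 20000e8, minting 10000e18 DSC.
    function wbtcCase() external pure returns (uint256 hfAsDescribed, uint256 hfScaled) {
        uint256 price = 20000e8;
        uint256 amount = 1e8;
        uint256 debt = 10000e18;
        hfAsDescribed = CollateralMath.healthFactor(CollateralMath.usdValueFixed18(price, amount), debt);
        hfScaled = CollateralMath.healthFactor(CollateralMath.usdValueScaled(price, amount, 8), debt);
    }
}
```

For these inputs hfAsDescribed reproduces the 1e8 expected by the revert in the test above, while hfScaled equals MIN_HEALTH_FACTOR (1e18). For an 18-decimal token both functions return the same value.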
