Summary

In order to adequately monitor, off-chain, collateralisation levels and health factors for both individuals and for the "DSCEngine" contract as a whole there should be more events.

Vulnerability Details

Although default events are emitted for both burn and mint out of the openzeppelin ERC20 contract they do not contain enough useful information to monitor the overall health of the protocol.

Impact

Without this data, building an effective monitoring system for the protocol becomes a lot more difficult. This is essential for a number of reasons:

• the protocol's administrators can be quickly alerted to any issues which arise such as an attack

• the protocol's administrators can quickly respond to issues which minimises damage

• the overall health of the protocol in terms of collateralisation can be tracked which at present is not being tracked within the smart contract itself.

• users can be shown more data about their positions enhancing the customer's experience

• events can be used as triggers for contacting customers (if they were close to reaching a threshold)

• it enhances reporting to any agencies overseeing the industry

• data can be used to manage risk such as the debt ceiling

Tools Used

Hardhat Test Suite

Recommendations

It is recommended to add events for the "mintDsc", "burnDsc" and "liquidate" functions such as:
emit DscMinted(msg.sender, amountDscToMint, _healthFactor(msg.sender));
emit DscBurned(msg.sender, amount, _healthFactor(msg.sender));
emit UserLiquidated(user, msg.sender, debtToCover, totalCollateralToRedeem, _healthFactor(user));