Summary

The DSCEngine.sol contract contains an embedded issue known as Minimal_Health_Factor. This concern can result in user liquidation even when adequate collateral is present, owing to an excessively high fixed value.

Vulnerability Details:

The fixed value of 1e18 ignores collateral exceeding 200%, leading to unintended liquidations, especially involving USDC and DAI tokens.
This issue arises because the code assumes that WETH/WBTC will always be the collateral and calculates it like this: uint256 private constant MIN_HEALTH_FACTOR = 1e18. However, in reality, it could be any token interacting with Chainlink. This means that if you use, for example, USDC or DAI and mint 100 tokens with 200 DAI/USDC as collateral, someone could directly liquidate you by paying 100 DSC and taking 200 USDC, even though you provide 200% collateral. This happens because you will always be below MIN_HEALTH_FACTOR = 1e18. In the case of USDC, your value would be 200e6, which is less than 1e18.

Link

https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L74

Impact

Users may encounter unanticipated liquidation despite holding secure collateral, translating to notable financial losses. The liquidation process may be protracted and costly, compounding the ramifications.

Tools Used:

The bug was identified through manual code review by skilled analysts.

Recommendations:

To prevent unjustified liquidations, it is advisable to incorporate a more sophisticated liquidation mechanism. This system should encompass diverse collateral types and precisely gauge insolvency.