DSCEngine.sol Minimal_Health_Factor Leads to Unnecessary User Liquidations
Summary
The DSCEngine.sol contract contains an embedded issue known as Minimal_Health_Factor. This concern can result in user liquidation even when adequate collateral is present, owing to an excessively high fixed value.
Vulnerability Details:
The fixed value of 1e18 ignores collateral exceeding 200%, leading to unintended liquidations, especially involving USDC and DAI tokens.
This issue arises because the code assumes that WETH/WBTC will always be the collateral and calculates it like this: uint256 private constant MIN_HEALTH_FACTOR = 1e18. However, in reality, it could be any token interacting with Chainlink. This means that if you use, for example, USDC or DAI and mint 100 tokens with 200 DAI/USDC as collateral, someone could directly liquidate you by paying 100 DSC and taking 200 USDC, even though you provide 200% collateral. This happens because you will always be below MIN_HEALTH_FACTOR = 1e18. In the case of USDC, your value would be 200e6, which is less than 1e18.
Link
https://github.com/Cyfrin/2023-07-foundry-defi-stablecoin/blob/main/src/DSCEngine.sol#L74
Impact
Users may encounter unanticipated liquidation despite holding secure collateral, translating to notable financial losses. The liquidation process may be protracted and costly, compounding the ramifications.
Tools Used:
The bug was identified through manual code review by skilled analysts.
Recommendations:
To prevent unjustified liquidations, it is advisable to incorporate a more sophisticated liquidation mechanism. This system should encompass diverse collateral types and precisely gauge insolvency.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.