There is no way to liquidate a user when they use protocol with tokens that have less than 18 decimals.
Summary
getTokenAmountFromUsd calculatations are wrong while using tokens with less than 18 decimals. It is impossible to liquidate users even if they don't have enough collateral.
Vulnerability Details
During liquidation, getTokenAmountFromUsd is called as shown below:
Let's see what happens if collateral is the address of WBTC (just one example) token which has 8 decimals:
usdAmountInWei has 18 decimals, PRECISION has 18 decimals, uint256(price) has 8 decimals and ADDITIONAL_FEED_PRECISION has 10 decimals. Hence the return value of this function will be in 18 decimals. Which makes tokenAmountFromDebtCovered 18 decimal. Since WBTC has 8 decimal, further calculations will continue with 10^10 times more value than expected. Since this value is more than WBTC supply, liquidate function will always revert if WBTC is used as a collateral to liquidate.
Impact
There is no way to liquidate using WBTC or any other collateral that have less than 18 decimals as collateral. If we continue from WBTC example, when WBTC price is dropped users that hold WBTC as collateral won't be liquidateable and DSC will lose is peg and will be undercollateralized which lets to protocol insolvency. Since there is a known issue that "If the protocol ever becomes insolvent, there is almost no way to recover.", this problem will cause protocol to collapse. Holders of DSC will lose their funds because of depeg, hence this is a high level issue.
Tools Used
Manuel Review
Recommendations
Check token's decimal value in getAmountFromUsd and do further calculations accordingly.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.