The _revert_if_health_factor_is_broken function only works correctly for WETH (18 decimals) but not for WBTC (8 decimals).
MIN_HEALTH_FACTOR is set to 10^18, but WBTC uses satoshi units (10^8). This means the health factor for WBTC positions is inflated by 10^10 compared to its expected value, allowing users to mint far more DSC than their WBTC collateral should permit.
The MIN_HEALTH_FACTOR = 10^18 threshold is designed for 18-decimal tokens. For WBTC with 8 decimals, the health factor check does not work as intended.
Impact: High — the health factor check is broken for WBTC, one of only two supported collateral types.
Likelihood: High — affects every WBTC deposit.
Add a separate MIN_HEALTH_FACTOR for WBTC that accounts for the decimal difference:
Normalize token amounts to 18 decimals in _get_usd_value so health factors are consistent across all tokens regardless of their decimal count.
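The normalization recommended above, modeled in Python integer arithmetic as an added example (not the contract's code or the submitter's). The valuation and health-factor formulas, the 8-decimal price feed, the 50% liquidation threshold and all function names are assumptions, since the page does not show `_get_usd_value` or `_health_factor`; the inputs are constructed.

```python
# Added example: integer model of decimal normalization, not the contract's code.
# Assumed (not shown on the page): 8-decimal USD price feed, 18-decimal
# internal precision, 50% liquidation threshold.
PRECISION = 10**18
FEED_PRECISION = 10**8
LIQUIDATION_THRESHOLD = 50
LIQUIDATION_PRECISION = 100
TARGET_DECIMALS = 18


def normalize_amount(amount: int, token_decimals: int) -> int:
    """Scale a raw token amount to 18 decimals."""
    if token_decimals > TARGET_DECIMALS:
        raise ValueError("tokens with more than 18 decimals are not handled")
    return amount * 10 ** (TARGET_DECIMALS - token_decimals)


def usd_value(amount: int, price: int, token_decimals: int, normalize: bool) -> int:
    """USD value with 18 decimals; `price` is the raw feed answer."""
    if normalize:
        amount = normalize_amount(amount, token_decimals)
    return price * amount // FEED_PRECISION


def health_factor(collateral_usd: int, dsc_minted: int) -> int:
    """Threshold-adjusted collateral over debt, scaled by PRECISION."""
    if dsc_minted == 0:
        return 2**256 - 1  # no debt: maximal health factor
    adjusted = collateral_usd * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION
    return adjusted * PRECISION // dsc_minted


def demo() -> dict:
    # Constructed inputs: $4,000 of collateral in each token, 1,000 DSC minted.
    debt = 1_000 * 10**18
    weth = usd_value(2 * 10**18, 2_000 * 10**8, 18, normalize=True)
    wbtc_raw = usd_value(10 * 10**6, 40_000 * 10**8, 8, normalize=False)
    wbtc_norm = usd_value(10 * 10**6, 40_000 * 10**8, 8, normalize=True)
    return {
        "weth_hf": health_factor(weth, debt),
        "wbtc_hf_raw": health_factor(wbtc_raw, debt),
        "wbtc_hf_normalized": health_factor(wbtc_norm, debt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With normalization, equal dollar amounts of WETH and WBTC give the same health factor; without it, the WBTC figure is off by exactly 10^10, the decimal gap the finding describes.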
## Description

The `_revert_if_health_factor_is_broken` function is responsible for ensuring that a user's health factor meets the minimum required standard. It is only implemented for WETH.

## Vulnerability Details

In the function, there is only an implementation for WETH.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)
    assert (
        user_health_factor >= MIN_HEALTH_FACTOR
    ), "DSCEngine__BreaksHealthFactor"
```

The value of `MIN_HEALTH_FACTOR = 10^18` is higher than the satoshi factor, which is 10^8. As a result, for WBTC, the `user_health_factor` can be inflated to more than 10^10 times its normal value.

## Impact

A larger value of `MIN_HEALTH_FACTOR` for WBTC allows a larger value of `user_health_factor`, and the check gives the wrong result when the function should revert.

## Recommendations

Add a `MIN_HEALTH_FACTOR` for WBTC as well.

```vyper
@internal
def _revert_if_health_factor_is_broken(user: address):
    user_health_factor: uint256 = self._health_factor(user)

    # Check if the user's token is WBTC and adjust health factor accordingly
    if user_health_factor >= (MIN_HEALTH_FACTOR * 10**10):
        # If user health factor is higher due to WBTC precision, still ensure it meets the minimum
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
    else:
        assert user_health_factor >= MIN_HEALTH_FACTOR, "DSCEngine__BreaksHealthFactor"
```