0x52 - TauMath#_computeCR breaks vault compatibility with tokens that don't have 18 decimals

[sherlock-admin]

0x52

medium

TauMath#_computeCR breaks vault compatibility with tokens that don't have 18 decimals

Summary

The variables MIN_COL_RATIO and MAX_LIQ_COLL_RATIO in BaseVault are constants and are represented to 18 decimals. The issues is that TauMath#_computeCR always returns the ratio in the decimals of the collateral. The result is that BaseVault is incompatible with tokens that don't have 18 decimals.

Vulnerability Detail

TauMath.sol#L17-L21

    if (_debt > 0) {
        uint256 newCollRatio = (_coll * _price * Constants.PRECISION) / (_debt * 10 ** priceDecimals);

        return newCollRatio;
    }

When calculating newCollRatio the end results ends up being the same number of decimals as _coll. This means that 6 dp collateral will return a newCollRatio to 6 decimals.

BaseVault.sol#L123-L127

function getAccountHealth(address _account) public view returns (bool) {
    uint256 ratio = _getCollRatio(_account);

    return (ratio > MIN_COL_RATIO);
}

The ratio returned by this is directly compared against MIN_COL_RATIO (and MAX_LIQ_COLL_RATIO elsewhere) which are both constants and specified to 18 decimals. Since they are constants and can't be lowered the vault is incompatible with any token that isn't 18 dp.

Impact

Vault is incompatible with non-18 dp tokens

Code Snippet

TauMath.sol#L11-L27

Tool used

Manual Review

Recommendation

Ratio constants should be scaled the same number of decimals as the collateral.

Duplicate of #35